On 11 April 2011 12:58, David Porcello <[email protected]> wrote: > I've found it's a very stealthy way to get through webfilters, IPS boxes, and > application-aware firewalls since it appears as SSL/HTTPS traffic instead of > SSH. > d.
This is the kind of thing I was thinking of, this is a good reason to use it over other encrypted communications. Robin > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Robin Wood > Sent: Monday, April 11, 2011 4:40 AM > To: PaulDotCom Security Weekly Mailing List > Subject: Re: [Pauldotcom] use cases for stunnel > > On 11 April 2011 00:58, Mike Patterson <[email protected]> wrote: >> On 11-04-10 6:50 PM, Robin Wood wrote: >>> I was having a look at stunnel today and I've been wondering about >>> pen-testing use cases for it. I asked on twitter and got a few >>> comments about using it for encrypted data exfiltration but I don't >>> see the point, if you are on a box with stunnel then it probably also >>> has ssh/scp so just use that. >> >> Probably, but you never know. Mine was one of the comments, btw. :) And >> you didn't stipulate that it was already present. :P >> >>> Are there any other good use cases? Places where there isn't already >>> an easily available an encrypted tool that will do the same job. >> >> It sounds like you've got a tool and you're looking for a place to use >> it. Why waste your time? > > I'm trying to work out if it is a waste of time to learn it in depth > or if there are some good situations where it is worth understanding > it. > > What I'm wondering is is there a killer use for it that I really > should know about and know how to use and setup or is it just a tool > that is worth knowing it exists and has a man page and leave it at > that. > > I'm going to look at using it for man-in-the-middle as I like that idea. > > Robin > >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com >> > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > > NOTICE: The information contained in this e-mail and any attachments is > intended solely for the recipient(s) named above, and may be confidential and > legally privileged. If you received this e-mail in error, please notify the > sender immediately by return e-mail and delete the original message and any > copy of it from your computer system. If you are not the intended recipient, > you are hereby notified that any review, disclosure, retransmission, > dissemination, distribution, copying, or other use of this e-mail, or any of > its contents, is strictly prohibited. > > Although this e-mail and any attachments are believed to be free of any virus > or other defects, it is the responsibility of the recipient to ensure that it > is virus-free and no responsibility is accepted by the sender for any loss or > damage arising if such a virus or defect exists. > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
