I was thinking something more simple like the first scenario.

[HTTP CLIENT] -->[STUNNEL CLIENT]--><whatever>-->[STUNNEL SERVER]-->[HTTP Server]

But the end would be an HTTPS server, which would require a CONNECT to get things going. So:

[HTTP Client] -->[STUNNEL CLIENT]--> <whatever>-->[STUNNEL SERVER]-->[REVERSE-PROXY server]--> [HTTPS SERVER]

On Tue, Jul 9, 2019 at 07:00, <[email protected]> wrote:

> Today's Topics:
>
>    1. Academic doubt about firewall bypass (Brent Kimberley)
>    2. How to turn off logging (David Yunker)
>    3. Re: How to turn off logging (Thomas Eifert)
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 8 Jul 2019 16:42:39 +0000 (UTC)
> From: Brent Kimberley <[email protected]>
> To: <[email protected]>
> Cc: "[email protected]" <[email protected]>
> Subject: [stunnel-users] Academic doubt about firewall bypass
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset="utf-8"
>
> Which scenario did you have in mind?
>
> [HTTP CLIENT] -->[STUNNEL CLIENT]--><whatever>-->[STUNNEL SERVER]-->[HTTP Server]
>
> OR
>
> [HTTP Client] -->[Forward-proxy client]-> [STUNNEL CLIENT]--><whatever>-->[STUNNEL SERVER]-->[REVERSE-PROXY server]--><whatever>-->[HTTP SERVER ]
>
> From: Hugo Marello <[email protected]>
> To: [email protected]
>
> Hello guys,
> I'm new to using stunnel but I find it quite a powerful tool. I'm doing a
> POC on how we can bypass our firewall even with DPI, and chose to use
> stunnel for an extra layer of cryptography. You don't have to worry about
> access to any VM mentioned here.
> Here is my scenario:
>
> [CLIENT BROWSER] -->[STUNNEL CLIENT]-->[FIREWALL]-->[STUNNEL SERVER]-->[REVERSE PROXY]-->[FREE INTERNET]
>
> So far I succeeded in getting HTTP working using stunnel CONNECT protocol
> to the firewall and going all the way through. The problem is when I try to
> access HTTPS, the connection gets set to the stunnel server but it keeps
> waiting for something. Double checked all the logs, firewall can't discern,
> stunnel server gets the connection, reverse proxy also gets the socket
> connection. My hypothesis is that stunnel client gets the CONNECT from the
> browser and discards it, it uses its own way to connect to the firewall,
> instead of encrypting the CONNECT all the way through. As it may seem, I
> need a way to send 2 CONNECT packages. Does anyone know how I can proceed?
>
> Follow my configs:
>
> client = yes
> output = /var/log/stunnel4/stunnel.log
> debug = 7
>
> [bypassclient]
> accept = 4000
> connect = firewall.example:3128
> protocolHost = destination.com:443
> protocol = connect
> requireCert = no
> verifyChain = no
> verifyPeer = no
>
> ----------------------------------------------------------------------
>
> [bypassserver]
> accept = 0.0.0.0:443
> connect = reverseproxy.com:8888
> cert = /etc/ssl/cert.pem
> key = /etc/ssl/key.pem
>
> ----------------------------------------------------------------------
>
> Thank you all in advance, already digging through the source code (quite lost
> though),
> Hugo
>
> ------------------------------
>
> Message: 2
> Date: Mon, 8 Jul 2019 21:46:56 +0000
> From: David Yunker <[email protected]>
> To: "[email protected]" <[email protected]>
> Subject: [stunnel-users] How to turn off logging
> Message-ID: <mn2pr17mb27350cc77d41064964cc6b34af...@mn2pr17mb2735.namprd17.prod.outlook.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> To whom it may concern,
> I would like to know if there is a way to disable logging or set a size
> limit or to have it overwrite the log file each time a new log is started?
> I am using the Windows version of Stunnel.
>
> Thank you for your help.
>
> ------------------------------
>
> Message: 3
> Date: Mon, 8 Jul 2019 17:41:37 -0500
> From: Thomas Eifert <[email protected]>
> To: [email protected]
> Subject: Re: [stunnel-users] How to turn off logging
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset="windows-1252"; Format="flowed"
>
> You most likely have a statement in the global configuration section of
> your stunnel.conf such as "output = stunnel.log".
>
> Removing that statement should terminate logging. If you would rather
> retain logging but wish the previous log to be overwritten, add the
> statement "log = overwrite" to the global configuration section.
> (without the quotes)
>
> Thomas
>
> On 7/8/2019 4:46 PM, David Yunker wrote:
> > To whom it may concern,
> > I would like to know if there is a way to disable logging or set a
> > size limit or to have it overwrite the log file each time a new log is
> > started?
> > I am using the Windows version of Stunnel.
> >
> > Thank you for your help.
>
> ------------------------------
>
> End of stunnel-users Digest, Vol 180, Issue 1
> *********************************************
_______________________________________________
stunnel-users mailing list
[email protected]
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
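
Added example, not part of the original thread and not stunnel's own code: a small Python check that parses a stunnel configuration and reports client-mode services that never authenticate the TLS peer, as in the quoted [bypassclient] section where verifyChain and verifyPeer are both "no". The function names are hypothetical, the sample input is the client configuration quoted above, and the legacy "verify" option is not handled.

```python
import re

# Sample input: the client configuration quoted in the message above.
SAMPLE_CONF = """\
client = yes
output = /var/log/stunnel4/stunnel.log
debug = 7

[bypassclient]
accept = 4000
connect = firewall.example:3128
protocolHost = destination.com:443
protocol = connect
requireCert = no
verifyChain = no
verifyPeer = no
"""

def parse_stunnel_conf(text):
    """Return (global_options, {service: options}); option names lower-cased."""
    globals_, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # blank or comment line
            continue
        m = re.fullmatch(r"\[(.+)\]", line)      # start of a service section
        if m:
            current = services.setdefault(m.group(1), {})
            continue
        key, sep, value = line.partition("=")
        if sep:
            target = globals_ if current is None else current
            target[key.strip().lower()] = value.strip()
    return globals_, services

def audit_client_verification(text):
    """List client-mode services that do not authenticate the TLS peer."""
    globals_, services = parse_stunnel_conf(text)
    findings = []
    for name, opts in services.items():
        # Service-level options set before the first section act as defaults.
        merged = {**globals_, **opts}
        if merged.get("client", "no").lower() != "yes":
            continue
        checks = (merged.get("verifychain", "no"), merged.get("verifypeer", "no"))
        if all(v.lower() != "yes" for v in checks):
            findings.append(f"[{name}] connect={merged.get('connect')}: "
                            "no verifyChain/verifyPeer, TLS peer is not authenticated")
    return findings
```
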
