https with stunnel and socat

So this is the setup. We want to see what an application that only accepts secure connections is doing:

Stunnel Diagram

First, create a self-signed certificate and install it into the system:

openssl req -new -x509 -days 365 -nodes -out st.pem -keyout st.pem

Then run the client stunnel:

stunnel client.conf

The second stunnel instance uses listener.conf:

stunnel listener.conf

Between the listener and client stunnel instances, we run socat to monitor the traffic:

socat -v tcp-listen:1080,reuseaddr,fork,keepalive tcp:localhost:1081

That's it, folks. Try accessing localhost:1443 over HTTPS and you can see the plaintext traffic in the socat terminal.

wget -O - --no-check-certificate https://localhost:1443/

Notes

Q1: Where to get stunnel for OS X? Don't brew it; try the prebuilt packages.

Q2: But I get HTTP 404 all the time? Try adding the hostname to /etc/hosts. The server name in the HTTP header should match.

echo "127.0.0.1 www.twitter.com" >> /etc/hosts
echo "127.0.0.1 www.google.com.au" >> /etc/hosts

client.conf:

client = yes
debug = 5
foreground = yes
pid = /var/tmp/stunnel-client.pid
cert= st.pem
[Application]
accept = 1081
connect = 3000

listener.conf:

client = no
debug = 5
foreground = yes
pid = /var/tmp/stunnel-listener.pid
cert= st.pem
[Application]
accept = 0.0.0.0:1443
connect = 1080

Startup script:

#!/usr/bin/env bash
stunnel client.conf &
stunnel listener.conf &
socat -v tcp-listen:1080,reuseaddr,fork,keepalive tcp:localhost:1081
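
An added check, not part of the original gist: stunnel listens on every local address when accept gives only a port, so the plaintext side on 1081 in client.conf and the 0.0.0.0:1443 listener are reachable from other hosts (socat's tcp-listen behaves the same unless bind= is given). The function name exposed_accepts and the embedded configs, trimmed copies of the two files above, are constructed for this example.

```shell
#!/usr/bin/env bash
# Added example: report stunnel "accept" directives that are not bound to loopback.

# Reads a stunnel config on stdin and prints "section<TAB>accept-value"
# for every listener whose address is not 127.x.x.x or localhost.
exposed_accepts() {
  awk '
    /^[ \t]*[#;]/ { next }                        # skip comment lines
    /^[ \t]*\[/ {                                 # [section] header
      gsub(/^[ \t]*\[|\][ \t]*$/, "")
      section = $0
      next
    }
    /^[ \t]*accept[ \t]*=/ {
      val = $0
      sub(/^[^=]*=[ \t]*/, "", val)               # keep the text after "="
      sub(/[ \t]+$/, "", val)
      # A bare port, 0.0.0.0 or any other non-loopback host is flagged.
      if (val !~ /^(127\.[0-9.]+|localhost):[0-9]+$/)
        printf "%s\t%s\n", section, val
    }
  '
}

# Constructed sample input: trimmed copies of client.conf and listener.conf.
client_conf() { cat <<'EOF'
client = yes
cert= st.pem
[Application]
accept = 1081
connect = 3000
EOF
}

listener_conf() { cat <<'EOF'
client = no
cert= st.pem
[Application]
accept = 0.0.0.0:1443
connect = 1080
EOF
}

# Stand-alone run: show which listeners in each sample are exposed.
for conf in client_conf listener_conf; do
  "$conf" | exposed_accepts | sed "s/^/$conf: /"
done
```

Both sample configs are reported; writing the directives as accept = 127.0.0.1:1081 and accept = 127.0.0.1:1443 makes the check print nothing.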