In the neighborhood of Wed, Feb 4, 2009 at 11:49 AM, C.J. Adams-Collier cjac@colliertech.org mouthed:
19:39 < darkrain42> cj: Also, for the record, I think stunnel just isn't the thing you want to be using. What it seemed to be doing was opening a SSL connection to talk.google.com and then writing the raw data from your socket to the server (so Pidgin tries to open an SSL connection and the raw SSL handshake is written to talk.google.com)
Is this correct? I would have expected it to terminate the SSL connection with finch on one port and originate another SSL connection with talk.google.com on another. If I read what he's writing correctly, he's saying that the connection from finch is not terminated, but instead passed through unaltered.
Stunnel does SSL on one side, and cleartext on the other.
If you want to be able to sniff cleartext, while both finch and the jabber server are talking ssl, you need two stunnels:
finch ==ssl==> stunnel_server ==cleartext==> stunnel_client ==ssl==> jabberserver
then sniff on that cleartext loopback port.
Effectively, that makes a no-op - finch talks SSL to the jabber server. You can do that without using Stunnel. Stunnel is not a MITM attack vector. ;-)
--
Brian Hatch, Systems and Security Engineer
http://www.ifokr.org/bri/
A small town that cannot support one lawyer can always support two.
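The two-stunnel chain described in the reply above, written out as an stunnel configuration; this is an added example, not part of the original message. The loopback ports, the certificate and CA file paths, and the use of port 5223 for SSL on talk.google.com are assumptions.

```ini
; Constructed example for debugging your own client's traffic.
; Both services live in one file here; they could equally be two
; separate stunnel processes, as in the diagram above.
foreground = yes

; stunnel_server: finch connects here with SSL, stunnel decrypts and
; forwards cleartext to the loopback port below.
[finch-side]
client = no
accept = 127.0.0.1:5223
connect = 127.0.0.1:5222
; Placeholder path: a self-signed certificate and key for this host.
; finch has to be told to accept this certificate.
cert = /etc/stunnel/local-test.pem

; stunnel_client: accepts the cleartext stream and originates a new
; SSL connection to the real server.
[server-side]
client = yes
accept = 127.0.0.1:5222
connect = talk.google.com:5223
; Without a verify setting, stunnel does not check the server's
; certificate. Placeholder CA bundle path.
verify = 2
CAfile = /etc/ssl/certs/ca-certificates.crt
```

With finch pointed at 127.0.0.1:5223, the cleartext stream is visible only on loopback port 5222, which is where the capture goes. Dropping either section leaves the other speaking SSL to a peer that expects cleartext, or cleartext to a peer that expects SSL.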