You can use OpenSSL on the sending end, and sslproxy on the receiving end. I used the two in a recent pentest for hijacking of an web SSL session. For shell-shoveling though cryptcat should work just fine for you. What is your reason to make it extra complicated? Regards, Frank On Thu, 2002-07-25 at 12:41, Jeremy Junginger wrote: > In conducting a pen-test, I have run into a situation where I would like > to transmit data (without using cryptcat) by using OpenSSL and Netcat > through the firewall and past the IDS (nothing but net...heheh..). Any > tips on how to "play catch" across the network using SSL and netcat on > both the client and the server? Thanks for the help! > > Schematic ? > [pc]----files(over ssl)---->[firewall]--->[IDS]---->files(over ssl) > --->[external server] > | > [IDS] > | > [DMZ] > > Jeremy > > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus Security Intelligence Alert (SIA) > Service. For more information on SecurityFocus' SIA service which > automatically alerts you to the latest security vulnerabilities please see: > https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Sat Jul 27 2002 - 07:18:41 PDT