Before we talk about alternatives to Stunnel, let's recap what Stunnel is.

What is Stunnel

Stunnel is a library for wrapping arbitrary data and arbitrary traffic in a completely legit SSL layer. This traffic is then passed to a remote server, also running Stunnel, that unwraps the traffic. The advantage of wrapping the traffic in an SSL layer is, the traffic will get through any firewall that has a hole in port 443 (which is most firewalls). Since you can wrap just about anything, including SSH traffic, FTP traffic, Tor traffic, or OpenVPN traffic through Stunnel, you can run anything you want through port 443. The best part about SSL traffic on port 443 is that the data are encrypted, so there is no actual inspection of packet contents - only a superficial check that the packet is properly formed.

As an added bonus, this is also an excellent method for bypassing captive portals - the websites that require you to enter a username and password for access, or that require you to purchase internet access for a block of time. These setups often leave open ports for DNS (53), HTTPS (443), and HTTP (80). If HTTPS traffic can't be inspected, it can't be determined whether the request is for the site to pay for your internet access, or the site where you are watching cat videos without paying.

What else is there

The principle behind Stunnel can be applied to protocols other than HTTPS - that is simply a convenient protocol because port 443 is often open, and the contents of packets are not inspected.

Iodine: like stunnel for dns

You can also tunnel the IP protcol through DNS packets. These packets appear to be going to a DNS server, which is actually your own server running Iodine on the other end. Through these DNS requests and responses, data can be transferred back and forth on the sly. Again, this is a great way to bypass captive portals, as the DNS port is often wide open and DNS packets are not being inspected closely.

Link: http://code.kryo.se/iodine/

My notes: Iodine

Flags

ssh secure shell, the most useful tool in unix SSH  · Category:SSH Tunnels: Building SSH tunnels: SSH Tunnels Tunnel SSH through HTTPS: Stunnel Tunnel SSH through DNS: Iodine Raspberry Pi and SSH: RaspberryPi/Headless  · RaspberryPi/Reverse SSH RaspberryPi/SSH Stunnel  · RaspberryPi/Reverse SSH Stunnel Category:SSH  · Category:Networking Linux and SSH: Linux/SSH Metasploitable/SSH Category:SSH  · Category:Kali  · Category:Networking Flags  · Template:SSHFlag  · e

Kali Linux "The quieter you become, the more you are able to hear." Penetration testing Linux distribution. Kali  · Category:Kali Kali/Wireless Reboot Kali Software: Kali Tools Kali Top 10 Aircrack  · Wireshark  · John the Ripper  · Nmap  · Metasploit Framework Dsniff  · Tcpdump  · Hydra  · Sqlmap  · Burpsuite  · OWASP Zap Dirbuster  · Recon-ng  · Valgrind Attack Workflow: Kali/Workflow 1 Physical Attacks: Kali/Layer 1 Attacks 2 Data/MAC Attacks: Kali/Layer 2 Attacks 3 Network Attacks: Kali/Layer 3 Attacks 4 Transport Attacks: Kali/Layer 4 Attacks 5 Session Attacks: Kali/Layer 5 Attacks 6 Presentation Attacks: Kali/Layer 6 Attacks 7 Application Attacks: Kali/Layer 7 Attacks Red Team Blue Team Metasploitable - Red Team Metasploitable - Blue Team Networking: Kali/Hotspot  · Kali/OpenVPN  · Kali/OpenVPN/Hotspot  · Kali/OpenVPN/PIA Kali/IPv6 Booting: Kali/Dual Boot OS X  · Kali/Live USB  · Kali/Persistent USB Installing: Kali/Installing  · Kali/Post Install  · Kali/Fixes Kali on Raspberry Pi: Kali Raspberry Pi  · Kali Raspberry Pi/Installing  · Kali Raspberry Pi/Headless  · Kali Raspberry Pi/Post-Install Category:Security  · Category:Wireless  · Category:Passwords  · Category:Man in the Middle  · Category:Evil Twin Flags  · Template:KaliFlag  · e