Entonces estoy usando stunnel para hablar con un servidor SSL. Me gustaría ver los mensajes que envío antes de que se cifren y, lo que es más importante, los mensajes que recibo después de que se descifren.
Activé el registro de depuración (nivel 7) pero todavía no puedo ver los mensajes. Debajo de los detalles:
stunnel.conf
output = coinsetter.log
[remote]
client = yes
accept = 8888
connect = 198.61.189.25:5001
debug = 7
salida del túnel:
2015.09.23 23:11:17 LOG5[ui]: stunnel 5.18 on x86_64-apple-darwin13.4.0 platform
2015.09.23 23:11:17 LOG5[ui]: Compiled/running with OpenSSL 1.0.1c 10 May 2012
2015.09.23 23:11:17 LOG5[ui]: Threading:PTHREAD Sockets:SELECT,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI
2015.09.23 23:11:17 LOG5[ui]: Reading configuration from file coinsetter.conf
2015.09.23 23:11:17 LOG5[ui]: UTF-8 byte order mark not detected
2015.09.23 23:11:17 LOG5[ui]: FIPS mode disabled
2015.09.23 23:11:17 LOG4[ui]: Authentication is needed to prevent MITM attacks
2015.09.23 23:11:17 LOG5[ui]: Configuration successful
2015.09.23 23:11:40 LOG7[0]: Service [remote] started
2015.09.23 23:11:40 LOG5[0]: Service [remote] accepted connection from 127.0.0.1:57261
2015.09.23 23:11:40 LOG6[0]: failover: round-robin
2015.09.23 23:11:40 LOG6[0]: s_connect: connecting 198.61.189.25:5001
2015.09.23 23:11:40 LOG7[0]: s_connect: s_poll_wait 198.61.189.25:5001: waiting 10 seconds
2015.09.23 23:11:40 LOG5[0]: s_connect: connected 198.61.189.25:5001
2015.09.23 23:11:40 LOG5[0]: Service [remote] connected remote server from 192.168.0.12:57262
2015.09.23 23:11:40 LOG7[0]: Remote socket (FD=9) initialized
2015.09.23 23:11:40 LOG6[0]: SNI: sending servername: staging-fix.coinsetter.com
2015.09.23 23:11:40 LOG7[0]: SSL state (connect): before/connect initialization
2015.09.23 23:11:40 LOG7[0]: SSL state (connect): SSLv2/v3 write client hello A
2015.09.23 23:11:40 LOG7[0]: SSL state (connect): SSLv3 read server hello A
2015.09.23 23:11:40 LOG6[0]: Certificate verification disabled
2015.09.23 23:11:40 LOG6[0]: Certificate verification disabled
2015.09.23 23:11:40 LOG6[0]: Certificate verification disabled
2015.09.23 23:11:40 LOG7[0]: SSL state (connect): SSLv3 read server certificate A
2015.09.23 23:11:40 LOG7[0]: SSL state (connect): SSLv3 read server key exchange A
2015.09.23 23:11:40 LOG7[0]: SSL state (connect): SSLv3 read server done A
2015.09.23 23:11:40 LOG7[0]: SSL state (connect): SSLv3 write client key exchange A
2015.09.23 23:11:40 LOG7[0]: SSL state (connect): SSLv3 write change cipher spec A
2015.09.23 23:11:40 LOG7[0]: SSL state (connect): SSLv3 write finished A
2015.09.23 23:11:40 LOG7[0]: SSL state (connect): SSLv3 flush data
2015.09.23 23:11:40 LOG7[0]: SSL state (connect): SSLv3 read finished A
2015.09.23 23:11:40 LOG7[0]: 1 client connect(s) requested
2015.09.23 23:11:40 LOG7[0]: 1 client connect(s) succeeded
2015.09.23 23:11:40 LOG7[0]: 0 client renegotiation(s) requested
2015.09.23 23:11:40 LOG7[0]: 0 session reuse(s)
2015.09.23 23:11:40 LOG6[0]: SSL connected: new session negotiated
2015.09.23 23:11:40 LOG7[0]: Peer certificate was cached (871 bytes)
2015.09.23 23:11:41 LOG6[0]: Negotiated TLSv1.2 ciphersuite DHE-RSA-AES256-SHA256 (256-bit encryption)
2015.09.23 23:11:41 LOG7[0]: Compression: null, expansion: null
Respuesta1
Puedes hacer esto consocat. Aún mejor, puedes deshacerte del stunnel y hacer que socat haga el SSL por ti, por ejemplo,
socat -v TCP4-LISTEN:8888 SSL:198.61.189.25:5001