(1)首先将一台bodhi linux当作stunnel server,首先我们先安装一下,然后改为内网地址
(2)之后在防火墙配置一下NAT规则,NAT IP为metasploitable的地址,当作应用服务器(注意,防火墙规则也要放通)
(3)服务器端配置
openssl req -new -days 365 -nodes -x509 -out /etc/stunnel/stunnel.pem -keyout /etc/stunnel/stunnel.pem
cert = /etc/stunnel/stunnel.pem
setuid = stunnel4
setgid = stunnel4
pid = /var/run/stunnel4/stunnel4.pid
[myslqs]
accept = 0.0.0.0:443
connect = 1.1.1.52:3306
/etc/default/stunnel4
ENABLED=1
service stunnel4 start
端口映射TCP/443端口到stunnel4服务端口TCP/443
设置防火墙规则
(4)安装客户端
创建配置文件/etc/stunnel/stunnel.conf
client = yes
[MySQLs]
accept = 3306
connect = 192.168.0.119:443
客户端自动启动
/etc/default/stunnel4
ENABLED=1
service stunnel4 stop / start
mysql -u root -h 127.0.0.1
注意:隧道传输的数据,数据被SSL隧道封装,无法明文被抓取查看