erebe / wstunnel

Tunnel all your traffic over Websocket or HTTP2 - Bypass firewalls/DPI - Static binary available

Questions about the Security of wstunnel Protocol #168

Closed kanran111 closed 7 months ago

kanran111 commented 7 months ago

First of all, thank you for creating a very useful project. I would like to inquire about whether wstunnel is secure against Man-in-the-Middle (MITM) attacks or Deep Packet Inspection (DPI) from the router in the following scenarios:

Case 1:

Server running (protocol wss):

```
--server wss://0.0.0.0:4096 --restrictTo=127.0.0.1:...
```

Client running:

```
-u -L [BIND:]PORT:HOST:PORT "wss://[IP_ADDRESS]"
```

In Case 1, it appears that there may be security concerns because neither the server nor the client seems to specify TLS certificates or a means of ensuring security. Without TLS certificates, the connection may not be adequately secured, and it could potentially be vulnerable to Man-in-the-Middle (MITM) attacks. The absence of TLS certificates means that there is no way for the client to verify the authenticity of the server, and it could indeed result in a situation where security is bypassed, similar to bypassing HTTPS errors. In such cases, the connection may not be adequately secured, and there could be potential security risks.

Case 2, using an Nginx proxy:

Server running (protocol ws):

```
--server ws://0.0.0.0:4096 --restrictTo=127.0.0.1:...
```

Nginx running proxy_pass on port 443, with the certificate and private key declared in Nginx, forwarding to port 4096.

Client running:

```
-u -L [BIND:]PORT:HOST:PORT "wss://[DOMAIN]"
```

In this case, does the client utilize the TLS provided by Nginx? I notice that other client applications typically include a cacert.pem file to establish trust when connecting, but I don't see the use of this file when the client connects.

erebe commented 7 months ago

Hello,

In case 1, you are using a TLS certificate, one embedded with wstunnel that is self-signed, and the client automatically accepts it. In case 2, you are also using a TLS certificate, one provided by nginx, and the wstunnel client also accepts it. It should be noted that, unless you pass the --tlsVerifyCertificate flag to the client, it will accept any TLS certificate, even if invalid.

Regarding MITM, yes, you are vulnerable to MITM with wstunnel. But the point of wstunnel is to create a tunnel for your traffic to flow, not a secure tunnel. If you want to escape MITM you should use wstunnel to tunnel traffic that is already secure by design.

For example, use wstunnel only to request https resources, or use it to carry ssh or a VPN connection. The point of wstunnel is to create a hole in the firewall; you are left to ensure the traffic you tunnel is secure after that.
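The Nginx side of case 2 (TLS terminated on 443, WebSocket upgrade forwarded to the wstunnel server on 4096), written out as an added example; this is not configuration from the wstunnel project or from either participant, and `DOMAIN`, the certificate paths and the choice to proxy to 127.0.0.1:4096 are assumptions:

```nginx
# Added example, not part of the wstunnel project.
# nginx terminates TLS on 443 with its own certificate and forwards the
# WebSocket upgrade to a plain-ws wstunnel server listening on port 4096.
# DOMAIN and the two certificate paths are placeholders.
server {
    listen 443 ssl;
    server_name DOMAIN;

    ssl_certificate     /etc/ssl/DOMAIN/fullchain.pem;   # placeholder path
    ssl_certificate_key /etc/ssl/DOMAIN/privkey.pem;     # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # the wstunnel server started with --server ws://...:4096
        proxy_pass http://127.0.0.1:4096;

        # WebSocket needs HTTP/1.1 and the Upgrade/Connection headers passed through
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host       $host;

        # long-lived tunnels would otherwise be cut by the default 60s read timeout
        proxy_read_timeout 3600s;
    }
}
```

With this in place the client connects to `wss://DOMAIN` and sees nginx's certificate. As noted above, the client only rejects an invalid certificate when started with --tlsVerifyCertificate; without it, any certificate presented on the path is accepted, which is why traffic inside the tunnel should carry its own protection (https, ssh, a VPN) regardless of what the outer WebSocket layer offers.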

kanran111 commented 7 months ago

Thank you for the explanation.