Gopher anyone? - Old school stuff
dami0
I don't think we need a client that can deal with gopher as such, you can simply use an external utility that can deal with SSL and pipe it's unencrypted output into the client.

I've also set up my own gopher hole at gopher://slienz.it with standard port 70 and put a few things like my own gopher client (that is rather unixy and would lend itself well to pipe chains with external utils handling SSL) and some various information about the POSIX Sh.
z3bra
Why would you need SSL with gopher? You're not supposed to send any personnal data, so there is nothing to encrypt. I mean, why would you encrypt the connection used to download a text file that can be seen by everybody? If you want to share it with a single person, you can encrypt the file itself, or send it by email.

But maybe I don't get you point right buddy.
ThePlantMan
The SSL helps prevent a MITM attack where someone changes the data on its way to you.
xero
(24-04-2015, 01:20 AM)ThePlantMan Wrote: The SSL helps prevent a MITM attack where someone changes the data on its way to you.

you could still get ssl stripped and hit w/ webscarab attack. burp suite makes this super trivial these days
venam
(24-04-2015, 01:21 PM)xero Wrote:
(24-04-2015, 01:20 AM)ThePlantMan Wrote: The SSL helps prevent a MITM attack where someone changes the data on its way to you.

you could still get ssl stripped and hit w/ webscarab attack. burp suite makes this super trivial these days
No, as far as I know sslstrip only works if the connection goes from non-secure to secure. If the connection is secure from the start sslstrip won't be able to decipher anything.
z3bra
There might be some hope with stunnel. I didn't try it myself, but it looks like the perfect tool for the job
rain1
Gopher is great! I'd like to set up my own gopher hole.

I recently hacked gtk interface around [cgo](https://github.com/kieselsteini/cgo). While cgo is a really solid client but I didn't like that you had to scroll up when looking at any page longer than your terminal.

* screenshot: http://b.1339.cf/doblcsn.png
* source: https://notabug.org/rain1/ggo

Works on linux and bsd.
venam
(17-08-2015, 07:38 AM)z3bra Wrote: There might be some hope with stunnel. I didn't try it myself, but it looks like the perfect tool for the job

I found tsocks, which let's you use socks5 on any program.

You just have to configure it in /etc/tsocks.conf and tsocks <program> and it'll send all the traffic through the socks5.
That could be a secure way of using gopher.
z3bra
Quote:1.8 beta 5 is out! - 2002-10-23 21:02

I'm all for not looking at "latest commit" or things like that, but a cryptography software whose BETA version came out when I was still learning how to read doesn't look very appealing.
crypto
Anybody else having problems loading http://rickdavis.org:70/ for Videocast's gopher site?




Members  |  Stats  |  Night Mode  |  Help