There probably aren't many people using to encrypt their traffic any more, but in case anyone was thinking about it, please don't.
Breaking the encryption of this tool was a challenge for Real World CTF 2020.
By default the tunnel uses AES-CFB with a static Initialisation Vector, so multiple connections are encrypted using the same keystream. Furthermore, the streams are malleable, so an adversary can capture your traffic and decrypt it by replaying it through your own proxy server.
Here is a full writeup
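The two properties described above, as an added example (not code from the tool or from the writeup): full-block CFB written out in Python, showing that a static IV makes the first ciphertext blocks of two connections XOR to the XOR of their plaintexts, and that a bit flipped in the ciphertext decrypts without any error. Assumptions: HMAC-SHA256 truncated to 16 bytes stands in for the AES forward direction so the block runs on the standard library alone, and the key, IVs and messages are constructed sample values.

```python
import hashlib
import hmac

BLOCK = 16

def block_encrypt(key, block):
    # Stand-in for the AES forward direction (assumption, stdlib only).
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def cfb(key, iv, data, decrypt=False):
    # Full-block CFB: keystream block = E(previous ciphertext block), IV first.
    out, feedback = b"", iv
    for i in range(0, len(data), BLOCK):
        chunk = data[i:i + BLOCK]
        result = xor(chunk, block_encrypt(key, feedback))
        out += result
        feedback = chunk if decrypt else result
    return out

def first_block_leaks(key, iv1, iv2, p1, p2):
    # True when c1 XOR c2 == p1 XOR p2 over the first block (keystream reuse).
    c1, c2 = cfb(key, iv1, p1), cfb(key, iv2, p2)
    return xor(c1[:BLOCK], c2[:BLOCK]) == xor(p1[:BLOCK], p2[:BLOCK])

def decrypt_after_flip(key, iv, plaintext, mask):
    # Flip bits in the last ciphertext byte, then decrypt as the receiver would.
    ct = bytearray(cfb(key, iv, plaintext))
    ct[-1] ^= mask
    return cfb(key, iv, bytes(ct), decrypt=True)

# Constructed sample values, not taken from the tool or the writeup.
KEY = bytes(range(32))
STATIC_IV = bytes(BLOCK)
P1 = b"GET /account HTTP/1.1\r\nHost: a.example\r\n"
P2 = b"POST /login HTTP/1.1\r\nHost: b.example\r\n"

if __name__ == "__main__":
    print("static IV leaks first block:",
          first_block_leaks(KEY, STATIC_IV, STATIC_IV, P1, P2))
    print("distinct IVs leak first block:",
          first_block_leaks(KEY, b"\x01" * BLOCK, b"\x02" * BLOCK, P1, P2))
    print("tampered plaintext:", decrypt_after_flip(KEY, STATIC_IV, P1, 0x01))
```

A fresh random IV per connection removes the first-block keystream reuse, but the flipped bit still decrypts cleanly; only authentication (an AEAD mode or a MAC over the ciphertext) detects it.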