sclient.js/README.md

sclient.js
==========

Secure Client for exposing TLS (aka SSL) secured services as plain-text connections locally.

Also ideal for multiplexing a single port with multiple protocols using SNI.

Unwrap a TLS connection:

```bash
$ sclient whatever.com:443 localhost:3000
> [listening] whatever.com:443 <= localhost:3000
```

Connect via Telnet

```bash
$ telnet localhost 3000
```

Connect via netcat (nc)

```bash
$ nc localhost 3000
```

cURL

```bash
$ curl http://localhost:3000 -H 'Host: whatever.com'
```

Inverse SSH proxy (ssh over https):

```bash
$ sclient ssh user@example.com
```

(this is the same as a normal SSH Proxy, just easier to type):

```bash
$ ssh -o ProxyCommand="sclient %h" user@example.com
```

Inverse rsync proxy (rsync over https):

```bash
$ sclient rsync user@example.com:path/ path/
```

A poor man's (or Windows user's) makeshift replacement for `openssl s_client`, `stunnel`, or `socat`.

Install
=======

### macOS, Linux, Windows

First download and install the *current* version of [node.js](https://nodejs.org)

```bash
npm install -g sclient
```

```bash
npx sclient example.com:443 localhost:3000
```

Usage
=====

```bash
sclient [flags] [ssh|rsync] <remote> [local]
```

* flags
  * `-k, --insecure` ignore invalid TLS (SSL/HTTPS) certificates
  * `--servername <string>` spoof SNI (to disable use IP as &lt;remote&gt; and do not use this option)
* remote
  * must have servername (i.e. example.com)
  * port is optional (default is 443)
* local
  * address is optional (default is localhost)
  * must have port (i.e. 3000)

Examples
========

Bridge between `telebit.cloud` and local port `3000`.

```bash
sclient telebit.cloud 3000
```

Same as above, but more explicit

```bash
sclient telebit.cloud:443 localhost:3000
```

Ignore a bad TLS/SSL/HTTPS certificate and connect anyway.

```bash
sclient -k badtls.telebit.cloud:443 localhost:3000
```

### Reading from stdin

```bash
sclient telebit.cloud:443 -
```

```bash
sclient telebit.cloud:443 - </path/to/file
```

### ssh over https

```bash
sclient ssh user@telebit.cloud
```

### rsync over https

```bash
sclient rsync -av user@telebit.cloud:my-project/ ~/my-project/
```

### Piping

```bash
printf "GET / HTTP/1.1\r\nHost: telebit.cloud\r\n\r\n" | sclient telebit.cloud:443
```

Testing for security vulnerabilities on the remote:

```bash
sclient --servername "Robert'); DROP TABLE Students;" -k example.com localhost:3000
```

```bash
sclient --servername "../../../.hidden/private.txt" -k example.com localhost:3000
```
v1.0.0: initial release 2018-08-06 18:27:33 +00:00			`sclient.js`
			`==========`

			`Secure Client for exposing TLS (aka SSL) secured services as plain-text connections locally.`

			`Also ideal for multiplexing a single port with multiple protocols using SNI.`

v1.0.2: add homepage link and some keywords 2018-08-06 18:49:17 +00:00			`Unwrap a TLS connection:`
v1.0.0: initial release 2018-08-06 18:27:33 +00:00
			```bash
			`$ sclient whatever.com:443 localhost:3000`
v1.0.4: typo fix in docs and cURL example 2018-08-06 23:36:07 +00:00			`> [listening] whatever.com:443 <= localhost:3000`
v1.0.0: initial release 2018-08-06 18:27:33 +00:00			```

			`Connect via Telnet`

			```bash
			`$ telnet localhost 3000`
			```

			`Connect via netcat (nc)`

			```bash
v1.0.3: fix typo in docs 2018-08-06 22:50:15 +00:00			`$ nc localhost 3000`
v1.0.0: initial release 2018-08-06 18:27:33 +00:00			```

v1.0.4: typo fix in docs and cURL example 2018-08-06 23:36:07 +00:00			`cURL`

			```bash
			`$ curl http://localhost:3000 -H 'Host: whatever.com'`
			```

more ssh proxy examples 2018-09-11 07:58:49 +00:00			`Inverse SSH proxy (ssh over https):`

			```bash
v1.4.1: update README 2018-09-12 06:29:38 +00:00			`$ sclient ssh user@example.com`
more ssh proxy examples 2018-09-11 07:58:49 +00:00			```

			`(this is the same as a normal SSH Proxy, just easier to type):`

			```bash
			`$ ssh -o ProxyCommand="sclient %h" user@example.com`
			```

v1.4.1: update README 2018-09-12 06:29:38 +00:00			`Inverse rsync proxy (rsync over https):`

			```bash
			`$ sclient rsync user@example.com:path/ path/`
			```

v1.0.2: add homepage link and some keywords 2018-08-06 18:49:17 +00:00			A poor man's (or Windows user's) makeshift replacement for `openssl s_client`, `stunnel`, or `socat`.

v1.0.0: initial release 2018-08-06 18:27:33 +00:00			`Install`
			`=======`

			`### macOS, Linux, Windows`

			`First download and install the current version of [node.js](https://nodejs.org)`

			```bash
			`npm install -g sclient`
			```

			```bash
			`npx sclient example.com:443 localhost:3000`
			```

			`Usage`
			`=====`

			```bash
v1.4.1: update README 2018-09-12 06:29:38 +00:00			`sclient [flags] [ssh\|rsync] <remote> [local]`
v1.0.0: initial release 2018-08-06 18:27:33 +00:00			```

v1.2.0: bring up to par with sclient.go; add --servername, allow pipes, use - for stdin 2018-09-03 21:29:19 +00:00			`* flags`
v1.3.0: add inverse ssh proxy 2018-09-11 07:51:42 +00:00			* `-k, --insecure` ignore invalid TLS (SSL/HTTPS) certificates
			* `--servername <string>` spoof SNI (to disable use IP as <remote> and do not use this option)
v1.0.0: initial release 2018-08-06 18:27:33 +00:00			`* remote`
			`* must have servername (i.e. example.com)`
			`* port is optional (default is 443)`
			`* local`
			`* address is optional (default is localhost)`
			`* must have port (i.e. 3000)`

			`Examples`
			`========`

update README 2018-08-06 18:30:29 +00:00			Bridge between `telebit.cloud` and local port `3000`.

v1.0.0: initial release 2018-08-06 18:27:33 +00:00			```bash
			`sclient telebit.cloud 3000`
			```

update README 2018-08-06 18:30:29 +00:00			`Same as above, but more explicit`

v1.0.0: initial release 2018-08-06 18:27:33 +00:00			```bash
			`sclient telebit.cloud:443 localhost:3000`
			```

update README 2018-08-06 18:30:29 +00:00			`Ignore a bad TLS/SSL/HTTPS certificate and connect anyway.`

v1.0.0: initial release 2018-08-06 18:27:33 +00:00			```bash
v1.2.0: bring up to par with sclient.go; add --servername, allow pipes, use - for stdin 2018-09-03 21:29:19 +00:00			`sclient -k badtls.telebit.cloud:443 localhost:3000`
			```

v1.3.0: add inverse ssh proxy 2018-09-11 07:51:42 +00:00			`### Reading from stdin`
v1.2.0: bring up to par with sclient.go; add --servername, allow pipes, use - for stdin 2018-09-03 21:29:19 +00:00
			```bash
			`sclient telebit.cloud:443 -`
			```

			```bash
			`sclient telebit.cloud:443 - </path/to/file`
			```

v1.3.0: add inverse ssh proxy 2018-09-11 07:51:42 +00:00			`### ssh over https`

			```bash
v1.4.0: add support for rsync and pass all leftover flags to rsync and/or ssh 2018-09-12 05:46:25 +00:00			`sclient ssh user@telebit.cloud`
			```

			`### rsync over https`

			```bash
			`sclient rsync -av user@telebit.cloud:my-project/ ~/my-project/`
v1.3.0: add inverse ssh proxy 2018-09-11 07:51:42 +00:00			```

			`### Piping`
v1.2.0: bring up to par with sclient.go; add --servername, allow pipes, use - for stdin 2018-09-03 21:29:19 +00:00
			```bash
			`printf "GET / HTTP/1.1\r\nHost: telebit.cloud\r\n\r\n" \| sclient telebit.cloud:443`
			```

			`Testing for security vulnerabilities on the remote:`

			```bash
			`sclient --servername "Robert'); DROP TABLE Students;" -k example.com localhost:3000`
			```

			```bash
			`sclient --servername "../../../.hidden/private.txt" -k example.com localhost:3000`
v1.0.0: initial release 2018-08-06 18:27:33 +00:00			```