sclient.js/README.md

138 lines
2.4 KiB
Markdown
Raw Permalink Normal View History

2018-08-06 18:27:33 +00:00
sclient.js
==========
Secure Client for exposing TLS (aka SSL) secured services as plain-text connections locally.
Also ideal for multiplexing a single port with multiple protocols using SNI.
Unwrap a TLS connection:
2018-08-06 18:27:33 +00:00
```bash
$ sclient whatever.com:443 localhost:3000
> [listening] whatever.com:443 <= localhost:3000
2018-08-06 18:27:33 +00:00
```
Connect via Telnet
```bash
$ telnet localhost 3000
```
Connect via netcat (nc)
```bash
2018-08-06 22:50:15 +00:00
$ nc localhost 3000
2018-08-06 18:27:33 +00:00
```
cURL
```bash
$ curl http://localhost:3000 -H 'Host: whatever.com'
```
2018-09-11 07:58:49 +00:00
Inverse SSH proxy (ssh over https):
```bash
$ sclient --ssh user@example.com
```
(this is the same as a normal SSH Proxy, just easier to type):
```bash
$ ssh -o ProxyCommand="sclient %h" user@example.com
```
A poor man's (or Windows user's) makeshift replacement for `openssl s_client`, `stunnel`, or `socat`.
2018-08-06 18:27:33 +00:00
Install
=======
### macOS, Linux, Windows
First download and install the *current* version of [node.js](https://nodejs.org)
```bash
npm install -g sclient
```
```bash
npx sclient example.com:443 localhost:3000
```
Usage
=====
```bash
sclient [flags] <remote> <local>
2018-08-06 18:27:33 +00:00
```
* flags
2018-09-11 07:51:42 +00:00
* `-k, --insecure` ignore invalid TLS (SSL/HTTPS) certificates
* `--servername <string>` spoof SNI (to disable use IP as &lt;remote&gt; and do not use this option)
* `--ssh proxy` proxy ssh over https (_inverse_ ssh proxy, like stunnel)
2018-08-06 18:27:33 +00:00
* remote
* must have servername (i.e. example.com)
* port is optional (default is 443)
* local
* address is optional (default is localhost)
* must have port (i.e. 3000)
Examples
========
2018-08-06 18:30:29 +00:00
Bridge between `telebit.cloud` and local port `3000`.
2018-08-06 18:27:33 +00:00
```bash
sclient telebit.cloud 3000
```
2018-08-06 18:30:29 +00:00
Same as above, but more explicit
2018-08-06 18:27:33 +00:00
```bash
sclient telebit.cloud:443 localhost:3000
```
2018-08-06 18:30:29 +00:00
Ignore a bad TLS/SSL/HTTPS certificate and connect anyway.
2018-08-06 18:27:33 +00:00
```bash
sclient -k badtls.telebit.cloud:443 localhost:3000
```
2018-09-11 07:51:42 +00:00
### Reading from stdin
```bash
sclient telebit.cloud:443 -
```
```bash
sclient telebit.cloud:443 - </path/to/file
```
2018-09-11 07:51:42 +00:00
### ssh over https
```bash
sclient ssh user@telebit.cloud
```
### rsync over https
```bash
sclient rsync -av user@telebit.cloud:my-project/ ~/my-project/
2018-09-11 07:51:42 +00:00
```
### Piping
```bash
printf "GET / HTTP/1.1\r\nHost: telebit.cloud\r\n\r\n" | sclient telebit.cloud:443
```
Testing for security vulnerabilities on the remote:
```bash
sclient --servername "Robert'); DROP TABLE Students;" -k example.com localhost:3000
```
```bash
sclient --servername "../../../.hidden/private.txt" -k example.com localhost:3000
2018-08-06 18:27:33 +00:00
```