v1.2.0 support --servername option for pentesting

AJ ONeal 2018-08-25 00:37:46 -06:00
parent d4eb17ea44
commit 312a5de977
3 changed files with 27 additions and 6 deletions


@ -69,6 +69,7 @@ sclient [flags] <remote> <local>
* flags * flags
* -k, --insecure ignore invalid TLS (SSL/HTTPS) certificates * -k, --insecure ignore invalid TLS (SSL/HTTPS) certificates
* --servername <string> spoof SNI (to disable use IP as &lt;remote&gt; and do not use this option)
* remote * remote
* must have servername (i.e. example.com) * must have servername (i.e. example.com)
* port is optional (default is 443) * port is optional (default is 443)
@ -112,3 +113,13 @@ Piping
```bash ```bash
printf "GET / HTTP/1.1\r\nHost: telebit.cloud\r\n\r\n" | sclient telebit.cloud:443 printf "GET / HTTP/1.1\r\nHost: telebit.cloud\r\n\r\n" | sclient telebit.cloud:443
``` ```
Testing for security vulnerabilities on the remote:
```bash
sclient -servername "Robert'); DROP TABLE Students;" example.com localhost:3000
```
```bash
sclient -servername "../../../.hidden/private.txt" example.com localhost:3000
```


@ -25,6 +25,7 @@ func usage() {
func main() { func main() {
flag.Usage = usage flag.Usage = usage
insecure := flag.Bool("k", false, "ignore bad TLS/SSL/HTTPS certificates") insecure := flag.Bool("k", false, "ignore bad TLS/SSL/HTTPS certificates")
servername := flag.String("servername", "", "specify a servername different from <remote> (to disable SNI use an IP as <remote> and do use this option)")
flag.BoolVar(insecure, "insecure", false, "ignore bad TLS/SSL/HTTPS certificates") flag.BoolVar(insecure, "insecure", false, "ignore bad TLS/SSL/HTTPS certificates")
flag.Parse() flag.Parse()
remotestr := flag.Arg(0) remotestr := flag.Arg(0)
@ -41,10 +42,12 @@ func main() {
} }
} }
opts := &sclient.PipeOpts{} opts := &sclient.PipeOpts{
opts.RemotePort = 443 RemotePort: 443,
opts.LocalAddress = "localhost" LocalAddress: "localhost",
opts.InsecureSkipVerify = *insecure InsecureSkipVerify: *insecure,
ServerName: *servername,
}
remote := strings.Split(remotestr, ":") remote := strings.Split(remotestr, ":")
//remoteAddr, remotePort, err := net.SplitHostPort(remotestr) //remoteAddr, remotePort, err := net.SplitHostPort(remotestr)
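Review bot: The help string on the new `servername` flag says "to disable SNI use an IP as <remote> and do use this option", which contradicts the README text added in the same commit ("do not use this option") and the flag's actual behaviour: leaving it empty is what lets tls.Dial infer the SNI name from <remote>, and an IP address there yields no SNI at all. Suggest `servername := flag.String("servername", "", "specify a servername different from <remote> (to disable SNI use an IP as <remote> and do not use this option)")`. The `usage()` function named in the hunk header lives outside the hunk and may also need the new flag listed. main's body continues outside both hunks.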


@ -46,6 +46,7 @@ type PipeOpts struct {
LocalAddress string LocalAddress string
LocalPort int LocalPort int
InsecureSkipVerify bool InsecureSkipVerify bool
ServerName string
} }
type Tun struct{} type Tun struct{}
@ -88,7 +89,10 @@ func pipe(r Rwc, w Rwc, t string) {
func handleConnection(remote string, conn Rwc, opts *PipeOpts) { func handleConnection(remote string, conn Rwc, opts *PipeOpts) {
sclient, err := tls.Dial("tcp", remote, sclient, err := tls.Dial("tcp", remote,
&tls.Config{InsecureSkipVerify: opts.InsecureSkipVerify}) &tls.Config{
ServerName: opts.ServerName,
InsecureSkipVerify: opts.InsecureSkipVerify,
})
if err != nil { if err != nil {
fmt.Fprintf(os.Stderr, "[error] (remote) %s\n", err) fmt.Fprintf(os.Stderr, "[error] (remote) %s\n", err)
@ -111,7 +115,10 @@ func handleConnection(remote string, conn Rwc, opts *PipeOpts) {
func (*Tun) DialAndListen(opts *PipeOpts) error { func (*Tun) DialAndListen(opts *PipeOpts) error {
remote := opts.RemoteAddress + ":" + strconv.Itoa(opts.RemotePort) remote := opts.RemoteAddress + ":" + strconv.Itoa(opts.RemotePort)
conn, err := tls.Dial("tcp", remote, conn, err := tls.Dial("tcp", remote,
&tls.Config{InsecureSkipVerify: opts.InsecureSkipVerify}) &tls.Config{
ServerName: opts.ServerName,
InsecureSkipVerify: opts.InsecureSkipVerify,
})
if err != nil { if err != nil {
fmt.Fprintf(os.Stderr, "[warn] '%s' may not be accepting connections: %s\n", remote, err) fmt.Fprintf(os.Stderr, "[warn] '%s' may not be accepting connections: %s\n", remote, err)
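Review bot: The `&tls.Config{ServerName: …, InsecureSkipVerify: …}` literal is now built identically in handleConnection and DialAndListen (the second and third hunks of this file); a small method on PipeOpts would keep the two dials from drifting the next time a TLS option is added. The new `ServerName` field is also undocumented; suggest `// ServerName is sent in SNI and is the name the server certificate is checked against; empty lets tls.Dial derive it from the remote host.` Because Go's crypto/tls verifies the certificate against ServerName rather than the dialled host, a spoofed name without `-k` will fail the handshake unless the certificate covers that name — worth a sentence in the README. Both functions continue outside their hunks, and the last hunk appears to run past the end of the page.
```go
// tlsConfig is the client TLS configuration shared by handleConnection and
// DialAndListen. An empty ServerName lets tls.Dial infer it from the remote
// address (an IP <remote> therefore sends no SNI).
func (opts *PipeOpts) tlsConfig() *tls.Config {
	return &tls.Config{
		ServerName:         opts.ServerName,
		InsecureSkipVerify: opts.InsecureSkipVerify,
	}
}

func handleConnection(remote string, conn Rwc, opts *PipeOpts) {
	sclient, err := tls.Dial("tcp", remote, opts.tlsConfig())
	// … unchanged: error handling and piping …

func (*Tun) DialAndListen(opts *PipeOpts) error {
	remote := opts.RemoteAddress + ":" + strconv.Itoa(opts.RemotePort)
	conn, err := tls.Dial("tcp", remote, opts.tlsConfig())
	// … unchanged: warning on dial failure and listener setup …
```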