
v1.2.0 support --servername option for pentesting

tags/v1.2.0
AJ ONeal 1 year ago
parent
commit
312a5de977
3 changed files with 27 additions and 6 deletions
  1. +11
    -0
      README.md
  2. +7
    -4
      cmd/sclient/main.go
  3. +9
    -2
      sclient.go

+ 11
- 0
README.md View File

@@ -69,6 +69,7 @@ sclient [flags] <remote> <local>

* flags
* -k, --insecure ignore invalid TLS (SSL/HTTPS) certificates
* --servername <string> spoof SNI (to disable use IP as &lt;remote&gt; and do not use this option)
* remote
* must have servername (i.e. example.com)
* port is optional (default is 443)
@@ -112,3 +113,13 @@ Piping
```bash
printf "GET / HTTP/1.1\r\nHost: telebit.cloud\r\n\r\n" | sclient telebit.cloud:443
```

Testing for security vulnerabilities on the remote:

```bash
sclient -servername "Robert'); DROP TABLE Students;" example.com localhost:3000
```

```bash
sclient -servername "../../../.hidden/private.txt" example.com localhost:3000
```

+ 7
- 4
cmd/sclient/main.go View File

@@ -25,6 +25,7 @@ func usage() {
func main() {
flag.Usage = usage
insecure := flag.Bool("k", false, "ignore bad TLS/SSL/HTTPS certificates")
servername := flag.String("servername", "", "specify a servername different from <remote> (to disable SNI use an IP as <remote> and do use this option)")
flag.BoolVar(insecure, "insecure", false, "ignore bad TLS/SSL/HTTPS certificates")
flag.Parse()
remotestr := flag.Arg(0)
@@ -41,10 +42,12 @@ func main() {
}
}

opts := &sclient.PipeOpts{}
opts.RemotePort = 443
opts.LocalAddress = "localhost"
opts.InsecureSkipVerify = *insecure
opts := &sclient.PipeOpts{
RemotePort: 443,
LocalAddress: "localhost",
InsecureSkipVerify: *insecure,
ServerName: *servername,
}

remote := strings.Split(remotestr, ":")
//remoteAddr, remotePort, err := net.SplitHostPort(remotestr)
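Review bot: The help text for the new `servername` flag ends with "and do use this option", which says the opposite of the README line added in this same commit ("do not use this option"). The string should read `"specify a servername different from <remote> (to disable SNI use an IP as <remote> and do not use this option)"`. The value is also copied into `PipeOpts.ServerName` with no validation in `main`, so the usage text is the only place an operator learns what the option does; it is worth getting right. `main`'s body starts and ends outside these hunks.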


+ 9
- 2
sclient.go View File

@@ -46,6 +46,7 @@ type PipeOpts struct {
LocalAddress string
LocalPort int
InsecureSkipVerify bool
ServerName string
}

type Tun struct{}
@@ -88,7 +89,10 @@ func pipe(r Rwc, w Rwc, t string) {

func handleConnection(remote string, conn Rwc, opts *PipeOpts) {
sclient, err := tls.Dial("tcp", remote,
&tls.Config{InsecureSkipVerify: opts.InsecureSkipVerify})
&tls.Config{
ServerName: opts.ServerName,
InsecureSkipVerify: opts.InsecureSkipVerify,
})

if err != nil {
fmt.Fprintf(os.Stderr, "[error] (remote) %s\n", err)
@@ -111,7 +115,10 @@ func handleConnection(remote string, conn Rwc, opts *PipeOpts) {
func (*Tun) DialAndListen(opts *PipeOpts) error {
remote := opts.RemoteAddress + ":" + strconv.Itoa(opts.RemotePort)
conn, err := tls.Dial("tcp", remote,
&tls.Config{InsecureSkipVerify: opts.InsecureSkipVerify})
&tls.Config{
ServerName: opts.ServerName,
InsecureSkipVerify: opts.InsecureSkipVerify,
})

if err != nil {
fmt.Fprintf(os.Stderr, "[warn] '%s' may not be accepting connections: %s\n", remote, err)
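Review bot: Setting `ServerName` in both `tls.Config` literals (in `handleConnection` and in `DialAndListen`) changes more than SNI: crypto/tls also verifies the peer certificate against `ServerName` unless `InsecureSkipVerify` is set. An overridden name that the remote's certificate does not cover will therefore fail the handshake, and the likely workaround is `-k`, which turns verification off entirely. The new `PipeOpts.ServerName` field has no comment; I would add `// ServerName overrides the SNI name sent to the remote (empty: tls.Dial derives it from the address); the certificate is also verified against it unless InsecureSkipVerify is set.` The two identical config literals could come from one small helper so the settings cannot drift apart. Both function bodies continue outside the hunks.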

