
v1.2.0 support --servername option for pentesting

pull/2/head v1.2.0
AJ ONeal 6 роки тому
джерело
коміт
312a5de977
  1. 11
      README.md
  2. 11
      cmd/sclient/main.go
  3. 11
      sclient.go

11
README.md

@ -69,6 +69,7 @@ sclient [flags] <remote> <local>
* flags
* -k, --insecure ignore invalid TLS (SSL/HTTPS) certificates
* --servername <string> spoof SNI (to disable use IP as &lt;remote&gt; and do not use this option)
* remote
* must have servername (i.e. example.com)
* port is optional (default is 443)
@ -112,3 +113,13 @@ Piping
```bash
printf "GET / HTTP/1.1\r\nHost: telebit.cloud\r\n\r\n" | sclient telebit.cloud:443
```
Testing for security vulnerabilities on the remote:
```bash
sclient -servername "Robert'); DROP TABLE Students;" example.com localhost:3000
```
```bash
sclient -servername "../../../.hidden/private.txt" example.com localhost:3000
```

11
cmd/sclient/main.go

@ -25,6 +25,7 @@ func usage() {
func main() {
flag.Usage = usage
insecure := flag.Bool("k", false, "ignore bad TLS/SSL/HTTPS certificates")
servername := flag.String("servername", "", "specify a servername different from <remote> (to disable SNI use an IP as <remote> and do use this option)")
flag.BoolVar(insecure, "insecure", false, "ignore bad TLS/SSL/HTTPS certificates")
flag.Parse()
remotestr := flag.Arg(0)
@ -41,10 +42,12 @@ func main() {
}
}
opts := &sclient.PipeOpts{}
opts.RemotePort = 443
opts.LocalAddress = "localhost"
opts.InsecureSkipVerify = *insecure
opts := &sclient.PipeOpts{
RemotePort: 443,
LocalAddress: "localhost",
InsecureSkipVerify: *insecure,
ServerName: *servername,
}
remote := strings.Split(remotestr, ":")
//remoteAddr, remotePort, err := net.SplitHostPort(remotestr)
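Review bot: The usage string for the new `servername` flag says that to disable SNI you should "do use this option", which contradicts the README hunk in this same commit ("do not use this option"); the flag text appears to be missing the "not". The README wording matches crypto/tls: with an empty `ServerName`, `tls.Dial` takes the name from the dialed address and sends no SNI when that name is an IP. Suggested text: `"specify a servername different from <remote> (to disable SNI use an IP as <remote> and do not use this option)"`. It is also worth stating in the help that, unless `-k` is given, the peer certificate is verified against this name rather than against `<remote>`. The body of `main` starts and continues outside these hunks.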

11
sclient.go

@ -46,6 +46,7 @@ type PipeOpts struct {
LocalAddress string
LocalPort int
InsecureSkipVerify bool
ServerName string
}
type Tun struct{}
@ -88,7 +89,10 @@ func pipe(r Rwc, w Rwc, t string) {
func handleConnection(remote string, conn Rwc, opts *PipeOpts) {
sclient, err := tls.Dial("tcp", remote,
&tls.Config{InsecureSkipVerify: opts.InsecureSkipVerify})
&tls.Config{
ServerName: opts.ServerName,
InsecureSkipVerify: opts.InsecureSkipVerify,
})
if err != nil {
fmt.Fprintf(os.Stderr, "[error] (remote) %s\n", err)
@ -111,7 +115,10 @@ func handleConnection(remote string, conn Rwc, opts *PipeOpts) {
func (*Tun) DialAndListen(opts *PipeOpts) error {
remote := opts.RemoteAddress + ":" + strconv.Itoa(opts.RemotePort)
conn, err := tls.Dial("tcp", remote,
&tls.Config{InsecureSkipVerify: opts.InsecureSkipVerify})
&tls.Config{
ServerName: opts.ServerName,
InsecureSkipVerify: opts.InsecureSkipVerify,
})
if err != nil {
fmt.Fprintf(os.Stderr, "[warn] '%s' may not be accepting connections: %s\n", remote, err)
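Review bot: The new `PipeOpts.ServerName` field has no comment, and its effect is wider than the commit title suggests. In `tls.Config` the same value is sent as SNI and is the hostname the peer certificate is checked against when `InsecureSkipVerify` is false. A caller who sets it therefore validates the certificate for the override name, not for `RemoteAddress`. I would document that on the field, e.g. `// ServerName overrides both the SNI value and the name used for certificate verification; empty lets tls.Dial derive it from the dialed address.` As a style point, `handleConnection` and `DialAndListen` now build the same `tls.Config` literal twice, so a small unexported helper taking `opts` would keep the two from drifting apart. Both function bodies continue outside the hunks shown.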
