Secure Client for exposing TLS (aka SSL) secured services as plain-text connections locally, and for multiplexing a single port with multiple protocols using SNI
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
AJ ONeal 1e9f579043 use go1.11 modules il y a 4 mois
cmd/sclient use go1.11 modules il y a 4 mois
tests support pipes and stdin il y a 9 mois
.gitignore add .gitignore il y a 9 mois
LICENSE v1.0.0: first working version il y a 9 mois
README.md update -servername => --servername il y a 8 mois
build-all.sh use conventional command and package paths il y a 9 mois
go.mod use go1.11 modules il y a 4 mois
sclient.go v1.2.0 support --servername option for pentesting il y a 8 mois

README.md

sclient.go

Secure Client for exposing TLS (aka SSL) secured services as plain-text connections locally.

Also ideal for multiplexing a single port with multiple protocols using SNI.

Unwrap a TLS connection:

$ sclient whatever.com:443 localhost:3000
> [listening] whatever.com:443 <= localhost:3000

Connect via Telnet

$ telnet localhost 3000

Connect via netcat (nc)

$ nc localhost 3000

cURL

$ curl http://localhost:3000 -H 'Host: whatever.com'

A poor man’s (or Windows user’s) makeshift replacement for openssl s_client, stunnel, or socat.

Install

Downloads

Build from source

For the moment you’ll have to install go and compile sclient yourself:

git clone https://git.coolaj86.com/coolaj86/sclient.go.git
pushd sclient.go
go build -o dist/sclient cmd/sclient/main.go
rsync -av dist/sclient /usr/local/bin/sclient
go run cmd/sclient/main.go example.com:443 localhost:3000

Usage

sclient [flags] <remote> <local>
  • flags
    • -k, --insecure ignore invalid TLS (SSL/HTTPS) certificates
    • --servername spoof SNI (to disable use IP as <remote> and do not use this option)
  • remote
    • must have servername (i.e. example.com)
    • port is optional (default is 443)
  • local
    • address is optional (default is localhost)
    • must have port (i.e. 3000)

Examples

Bridge between telebit.cloud and local port 3000.

sclient telebit.cloud 3000

Same as above, but more explicit

sclient telebit.cloud:443 localhost:3000

Ignore a bad TLS/SSL/HTTPS certificate and connect anyway.

sclient -k badtls.telebit.cloud:443 localhost:3000

Reading from stdin

sclient telebit.cloud:443 -
sclient telebit.cloud:443 - </path/to/file

Piping

printf "GET / HTTP/1.1\r\nHost: telebit.cloud\r\n\r\n" | sclient telebit.cloud:443

Testing for security vulnerabilities on the remote:

sclient --servername "Robert'); DROP TABLE Students;" -k example.com localhost:3000
sclient --servername "../../../.hidden/private.txt" -k example.com localhost:3000