Secure Client for node.js for tunneling over TLS (a.k.a. SSL) to expose secured service as plain-text locally - also enables multiplexing a single port with multiple protocols via SNI
Go to file
AJ ONeal d390df175a v1.4.1: update README 2018-09-12 00:28:28 -06:00
bin v1.4.0: add support for rsync and pass all leftover flags to rsync and/or ssh 2018-09-11 23:46:25 -06:00
LICENSE v1.0.0: initial release 2018-08-06 12:27:33 -06:00
README.md v1.4.1: update README 2018-09-12 00:28:28 -06:00
index.js v1.4.0: add support for rsync and pass all leftover flags to rsync and/or ssh 2018-09-11 23:46:25 -06:00
package.json v1.4.0: add support for rsync and pass all leftover flags to rsync and/or ssh 2018-09-11 23:46:25 -06:00

README.md

sclient.js

Secure Client for exposing TLS (aka SSL) secured services as plain-text connections locally.

Also ideal for multiplexing a single port with multiple protocols using SNI.

Unwrap a TLS connection:

$ sclient whatever.com:443 localhost:3000
> [listening] whatever.com:443 <= localhost:3000

Connect via Telnet

$ telnet localhost 3000

Connect via netcat (nc)

$ nc localhost 3000

cURL

$ curl http://localhost:3000 -H 'Host: whatever.com'

Inverse SSH proxy (ssh over https):

$ sclient ssh user@example.com

(this is the same as a normal SSH Proxy, just easier to type):

$ ssh -o ProxyCommand="sclient %h" user@example.com

Inverse rsync proxy (rsync over https):

$ sclient rsync user@example.com:path/ path/

A poor man's (or Windows user's) makeshift replacement for openssl s_client, stunnel, or socat.

Install

macOS, Linux, Windows

First download and install the current version of node.js

npm install -g sclient
npx sclient example.com:443 localhost:3000

Usage

sclient [flags] [ssh|rsync] <remote> [local]
  • flags
    • -k, --insecure ignore invalid TLS (SSL/HTTPS) certificates
    • --servername <string> spoof SNI (to disable use IP as <remote> and do not use this option)
  • remote
    • must have servername (i.e. example.com)
    • port is optional (default is 443)
  • local
    • address is optional (default is localhost)
    • must have port (i.e. 3000)

Examples

Bridge between telebit.cloud and local port 3000.

sclient telebit.cloud 3000

Same as above, but more explicit

sclient telebit.cloud:443 localhost:3000

Ignore a bad TLS/SSL/HTTPS certificate and connect anyway.

sclient -k badtls.telebit.cloud:443 localhost:3000

Reading from stdin

sclient telebit.cloud:443 -
sclient telebit.cloud:443 - </path/to/file

ssh over https

sclient ssh user@telebit.cloud

rsync over https

sclient rsync -av user@telebit.cloud:my-project/ ~/my-project/

Piping

printf "GET / HTTP/1.1\r\nHost: telebit.cloud\r\n\r\n" | sclient telebit.cloud:443

Testing for security vulnerabilities on the remote:

sclient --servername "Robert'); DROP TABLE Students;" -k example.com localhost:3000
sclient --servername "../../../.hidden/private.txt" -k example.com localhost:3000