root
/
sclient.js
miroir de https://git.coolaj86.com/coolaj86/sclient.js
2
1
Bifurcation 0
Code Tickets Versions Wiki Activité
Secure Client for node.js for tunneling over TLS (a.k.a. SSL) to expose secured service as plain-text locally - also enables multiplexing a single port with multiple protocols via SNI
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
20 Révisions
1 Branche
13 Tags
38 KiB
 
Branche: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Créer la branche ${ searchTerm }
de 'master'
${ noResults }
AJ ONeal 6e796da80a
v1.4.3: add sh header to js bin file 		il y a 6 ans
bin v1.4.3: add sh header to js bin file il y a 6 ans
LICENSE v1.0.0: initial release il y a 6 ans
README.md v1.4.1: update README il y a 6 ans
index.js v1.4.0: add support for rsync and pass all leftover flags to rsync and/or ssh il y a 6 ans
package.json v1.4.3: add sh header to js bin file il y a 6 ans

README.md

sclient.js

Secure Client for exposing TLS (aka SSL) secured services as plain-text connections locally.

Also ideal for multiplexing a single port with multiple protocols using SNI.

Unwrap a TLS connection:

$ sclient whatever.com:443 localhost:3000
> [listening] whatever.com:443 <= localhost:3000

Connect via Telnet

$ telnet localhost 3000

Connect via netcat (nc)

$ nc localhost 3000

cURL

$ curl http://localhost:3000 -H 'Host: whatever.com'

Inverse SSH proxy (ssh over https):

$ sclient ssh user@example.com

(this is the same as a normal SSH Proxy, just easier to type):

$ ssh -o ProxyCommand="sclient %h" user@example.com

Inverse rsync proxy (rsync over https):

$ sclient rsync user@example.com:path/ path/

A poor man's (or Windows user's) makeshift replacement for openssl s_client, stunnel, or socat.

Install

macOS, Linux, Windows

First download and install the current version of node.js

npm install -g sclient

npx sclient example.com:443 localhost:3000

Usage

sclient [flags] [ssh|rsync] <remote> [local]
  • flags
    • -k, --insecure ignore invalid TLS (SSL/HTTPS) certificates
    • --servername <string> spoof SNI (to disable use IP as <remote> and do not use this option)
  • remote
    • must have servername (i.e. example.com)
    • port is optional (default is 443)
  • local
    • address is optional (default is localhost)
    • must have port (i.e. 3000)

Examples

Bridge between telebit.cloud and local port 3000.

sclient telebit.cloud 3000

Same as above, but more explicit

sclient telebit.cloud:443 localhost:3000

Ignore a bad TLS/SSL/HTTPS certificate and connect anyway.

sclient -k badtls.telebit.cloud:443 localhost:3000

Reading from stdin

sclient telebit.cloud:443 -

sclient telebit.cloud:443 - </path/to/file

ssh over https

sclient ssh user@telebit.cloud

rsync over https

sclient rsync -av user@telebit.cloud:my-project/ ~/my-project/

Piping

printf "GET / HTTP/1.1\r\nHost: telebit.cloud\r\n\r\n" | sclient telebit.cloud:443

Testing for security vulnerabilities on the remote:

sclient --servername "Robert'); DROP TABLE Students;" -k example.com localhost:3000

sclient --servername "../../../.hidden/private.txt" -k example.com localhost:3000