sclient.js/README.md

sclient.js
==========

Secure Client for exposing TLS (aka SSL) secured services as plain-text connections locally.

Also ideal for multiplexing a single port with multiple protocols using SNI.

Unwrap a TLS connection:

```bash
$ sclient whatever.com:443 localhost:3000
> [listening] whatever.com:443 <= localhost:3000
```

Connect via Telnet

```bash
$ telnet localhost 3000
```

Connect via netcat (nc)

```bash
$ nc localhost 3000
```

cURL

```bash
$ curl http://localhost:3000 -H 'Host: whatever.com'
```

A poor man's (or Windows user's) makeshift replacement for `openssl s_client`, `stunnel`, or `socat`.

Install
=======

### macOS, Linux, Windows

First download and install the *current* version of [node.js](https://nodejs.org)

```bash
npm install -g sclient
```

```bash
npx sclient example.com:443 localhost:3000
```

Usage
=====

```bash
sclient [flags] <remote> <local>
```

* flags
  * -k, --insecure ignore invalid TLS (SSL/HTTPS) certificates
  * --servername <string> spoof SNI (to disable use IP as &lt;remote&gt; and do not use this option)
* remote
  * must have servername (i.e. example.com)
  * port is optional (default is 443)
* local
  * address is optional (default is localhost)
  * must have port (i.e. 3000)

Examples
========

Bridge between `telebit.cloud` and local port `3000`.

```bash
sclient telebit.cloud 3000
```

Same as above, but more explicit

```bash
sclient telebit.cloud:443 localhost:3000
```

Ignore a bad TLS/SSL/HTTPS certificate and connect anyway.

```bash
sclient -k badtls.telebit.cloud:443 localhost:3000
```

Reading from stdin

```bash
sclient telebit.cloud:443 -
```

```bash
sclient telebit.cloud:443 - </path/to/file
```

Piping

```bash
printf "GET / HTTP/1.1\r\nHost: telebit.cloud\r\n\r\n" | sclient telebit.cloud:443
```

Testing for security vulnerabilities on the remote:

```bash
sclient --servername "Robert'); DROP TABLE Students;" -k example.com localhost:3000
```

```bash
sclient --servername "../../../.hidden/private.txt" -k example.com localhost:3000
```
v1.0.0: initial release 2018-08-06 12:27:33 -06:00			`sclient.js`
			`==========`

			`Secure Client for exposing TLS (aka SSL) secured services as plain-text connections locally.`

			`Also ideal for multiplexing a single port with multiple protocols using SNI.`

v1.0.2: add homepage link and some keywords 2018-08-06 12:49:17 -06:00			`Unwrap a TLS connection:`
v1.0.0: initial release 2018-08-06 12:27:33 -06:00
			```bash
			`$ sclient whatever.com:443 localhost:3000`
v1.0.4: typo fix in docs and cURL example 2018-08-06 17:36:07 -06:00			`> [listening] whatever.com:443 <= localhost:3000`
v1.0.0: initial release 2018-08-06 12:27:33 -06:00			```

			`Connect via Telnet`

			```bash
			`$ telnet localhost 3000`
			```

			`Connect via netcat (nc)`

			```bash
v1.0.3: fix typo in docs 2018-08-06 16:50:15 -06:00			`$ nc localhost 3000`
v1.0.0: initial release 2018-08-06 12:27:33 -06:00			```

v1.0.4: typo fix in docs and cURL example 2018-08-06 17:36:07 -06:00			`cURL`

			```bash
			`$ curl http://localhost:3000 -H 'Host: whatever.com'`
			```

v1.0.2: add homepage link and some keywords 2018-08-06 12:49:17 -06:00			A poor man's (or Windows user's) makeshift replacement for `openssl s_client`, `stunnel`, or `socat`.

v1.0.0: initial release 2018-08-06 12:27:33 -06:00			`Install`
			`=======`

			`### macOS, Linux, Windows`

			`First download and install the current version of [node.js](https://nodejs.org)`

			```bash
			`npm install -g sclient`
			```

			```bash
			`npx sclient example.com:443 localhost:3000`
			```

			`Usage`
			`=====`

			```bash
v1.2.0: bring up to par with sclient.go; add --servername, allow pipes, use - for stdin 2018-09-03 15:29:19 -06:00			`sclient [flags] <remote> <local>`
v1.0.0: initial release 2018-08-06 12:27:33 -06:00			```

v1.2.0: bring up to par with sclient.go; add --servername, allow pipes, use - for stdin 2018-09-03 15:29:19 -06:00			`* flags`
			`* -k, --insecure ignore invalid TLS (SSL/HTTPS) certificates`
			`* --servername <string> spoof SNI (to disable use IP as <remote> and do not use this option)`
v1.0.0: initial release 2018-08-06 12:27:33 -06:00			`* remote`
			`* must have servername (i.e. example.com)`
			`* port is optional (default is 443)`
			`* local`
			`* address is optional (default is localhost)`
			`* must have port (i.e. 3000)`

			`Examples`
			`========`

update README 2018-08-06 12:30:29 -06:00			Bridge between `telebit.cloud` and local port `3000`.

v1.0.0: initial release 2018-08-06 12:27:33 -06:00			```bash
			`sclient telebit.cloud 3000`
			```

update README 2018-08-06 12:30:29 -06:00			`Same as above, but more explicit`

v1.0.0: initial release 2018-08-06 12:27:33 -06:00			```bash
			`sclient telebit.cloud:443 localhost:3000`
			```

update README 2018-08-06 12:30:29 -06:00			`Ignore a bad TLS/SSL/HTTPS certificate and connect anyway.`

v1.0.0: initial release 2018-08-06 12:27:33 -06:00			```bash
v1.2.0: bring up to par with sclient.go; add --servername, allow pipes, use - for stdin 2018-09-03 15:29:19 -06:00			`sclient -k badtls.telebit.cloud:443 localhost:3000`
			```

			`Reading from stdin`

			```bash
			`sclient telebit.cloud:443 -`
			```

			```bash
			`sclient telebit.cloud:443 - </path/to/file`
			```

			`Piping`

			```bash
			`printf "GET / HTTP/1.1\r\nHost: telebit.cloud\r\n\r\n" \| sclient telebit.cloud:443`
			```

			`Testing for security vulnerabilities on the remote:`

			```bash
			`sclient --servername "Robert'); DROP TABLE Students;" -k example.com localhost:3000`
			```

			```bash
			`sclient --servername "../../../.hidden/private.txt" -k example.com localhost:3000`
v1.0.0: initial release 2018-08-06 12:27:33 -06:00			```