1
0
mirror of https://github.com/therootcompany/sclient synced 2024-11-16 17:09:00 +00:00
sclient/README.md

130 lines
2.7 KiB
Markdown
Raw Normal View History

2018-08-06 16:55:45 -06:00
sclient.go
==========
Secure Client for exposing TLS (aka SSL) secured services as plain-text connections locally.
Also ideal for multiplexing a single port with multiple protocols using SNI.
Unwrap a TLS connection:
```bash
$ sclient whatever.com:443 localhost:3000
2018-08-06 17:34:32 -06:00
> [listening] whatever.com:443 <= localhost:3000
2018-08-06 16:55:45 -06:00
```
Connect via Telnet
```bash
$ telnet localhost 3000
```
Connect via netcat (nc)
```bash
$ nc localhost 3000
```
2018-08-06 17:34:32 -06:00
cURL
```bash
$ curl http://localhost:3000 -H 'Host: whatever.com'
```
2018-08-06 16:55:45 -06:00
A poor man's (or Windows user's) makeshift replacement for `openssl s_client`, `stunnel`, or `socat`.
Install
=======
### Downloads
* [Windows 10](https://telebit.cloud/sclient/dist/windows/amd64/sclient.exe)
* [Mac OS X](https://telebit.cloud/sclient/dist/darwin/amd64/sclient)
* [Linux (x64)](https://telebit.cloud/sclient/dist/linux/amd64/sclient)
* [Raspberry Pi (armv7)](https://telebit.cloud/sclient/dist/linux/armv7/sclient)
* more downloads <https://telebit.cloud/sclient/>
2018-08-06 22:36:46 -06:00
### Build from source
2018-08-06 16:55:45 -06:00
For the moment you'll have to install go and compile `sclient` yourself:
* <https://golang.org/doc/install#install>
```bash
2019-05-21 18:54:02 -06:00
git clone https://git.rootprojects.org/root/sclient.go.git
2018-08-06 16:58:41 -06:00
pushd sclient.go
go build -o dist/sclient cmd/sclient/main.go
2018-08-06 17:20:30 -06:00
rsync -av dist/sclient /usr/local/bin/sclient
2019-05-21 18:54:02 -06:00
sclient example.com:443 localhost:3000
2018-08-06 16:55:45 -06:00
```
2019-05-21 18:54:02 -06:00
Or
2018-08-06 16:55:45 -06:00
```bash
2019-05-21 18:54:02 -06:00
go get git.rootprojects.org/root/sclient.go/cmd/sclient
go run git.rootprojects.org/root/sclient.go/cmd/sclient example.com:443 localhost:3000
2018-08-06 16:55:45 -06:00
```
Usage
=====
```bash
2018-08-06 17:05:39 -06:00
sclient [flags] <remote> <local>
2018-08-06 16:55:45 -06:00
```
2018-08-06 17:05:39 -06:00
* flags
* -k, --insecure ignore invalid TLS (SSL/HTTPS) certificates
* --servername <string> spoof SNI (to disable use IP as &lt;remote&gt; and do not use this option)
2018-08-06 16:55:45 -06:00
* remote
* must have servername (i.e. example.com)
* port is optional (default is 443)
* local
* address is optional (default is localhost)
* must have port (i.e. 3000)
Examples
========
Bridge between `telebit.cloud` and local port `3000`.
```bash
sclient telebit.cloud 3000
```
Same as above, but more explicit
```bash
sclient telebit.cloud:443 localhost:3000
```
Ignore a bad TLS/SSL/HTTPS certificate and connect anyway.
```bash
2018-08-06 17:05:39 -06:00
sclient -k badtls.telebit.cloud:443 localhost:3000
2018-08-06 16:55:45 -06:00
```
2018-08-08 00:16:52 -06:00
Reading from stdin
```bash
sclient telebit.cloud:443 -
```
```bash
sclient telebit.cloud:443 - </path/to/file
```
Piping
```bash
printf "GET / HTTP/1.1\r\nHost: telebit.cloud\r\n\r\n" | sclient telebit.cloud:443
```
Testing for security vulnerabilities on the remote:
```bash
2018-09-03 16:05:50 -06:00
sclient --servername "Robert'); DROP TABLE Students;" -k example.com localhost:3000
```
```bash
2018-09-03 16:05:50 -06:00
sclient --servername "../../../.hidden/private.txt" -k example.com localhost:3000
```