mirror of
				https://github.com/therootcompany/sclient
				synced 2024-11-16 17:09:00 +00:00 
			
		
		
		
	Compare commits
	
		
			23 Commits
		
	
	
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 8ba42a09a4 | |||
| 66f2d41c6b | |||
|  | ca84ed48de | ||
| 455db50928 | |||
| 5b0374f2e9 | |||
| af639f0b2e | |||
| 828344802b | |||
| 5334a377a4 | |||
| 959268bf31 | |||
| 79c2ac5f3d | |||
| 1e9f579043 | |||
| 8042bcf41c | |||
| 312a5de977 | |||
| d4eb17ea44 | |||
| c786b0bd07 | |||
| 2235bf3a55 | |||
| 8d4ed210a6 | |||
| b11d446b93 | |||
| 20b9e1043d | |||
| fe525b72c9 | |||
| e9845273b5 | |||
| 1cb03c5a3e | |||
| ab3ad9f5af | 
							
								
								
									
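--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,4 @@
+/sclient
+/cmd/sclient/sclient
+
+dist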
							
								
								
									
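--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -0,0 +1,37 @@
+before:
+  hooks:
+    - go mod download
+    - go generate ./...
+builds:
+  - main: ./cmd/sclient/main.go
+    env:
+      - CGO_ENABLED=0
+    goos:
+      - linux
+      - windows
+      - darwin
+    goarch:
+      - 386
+      - amd64
+      - arm
+      - arm64
+    goarm:
+      - 6
+      - 7
+archives:
+  - replacements:
+      386: i386
+      amd64: x86_64
+    format_overrides:
+      - goos: windows
+        format: zip
+checksum:
+  name_template: 'checksums.txt'
+snapshot:
+  name_template: "{{ .Tag }}-next"
+changelog:
+  sort: asc
+  filters:
+    exclude:
+      - '^docs:'
+      - '^test:'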
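Review bot: The `checksum:` block publishes `checksums.txt`, but nothing in this config signs it, so a downloader can detect a corrupted archive but cannot tell whether the archive and its checksum both came from the project. GoReleaser's `signs:` section with `artifacts: checksum` would add one detached signature per release that covers every archive through the checksum file. This matters more now that the README in this commit points users at the release downloads.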
							
								
								
									
										125
									
								
								README.md
									
									
									
									
									
								
							
							
						
						
									
									
									
									
									
									
								
							| @ -1,5 +1,4 @@ | ||||
| sclient.go | ||||
| ========== | ||||
| # sclient | ||||
| 
 | ||||
| Secure Client for exposing TLS (aka SSL) secured services as plain-text connections locally. | ||||
| 
 | ||||
| @ -8,60 +7,75 @@ Also ideal for multiplexing a single port with multiple protocols using SNI. | ||||
| Unwrap a TLS connection: | ||||
| 
 | ||||
| ```bash | ||||
| $ sclient whatever.com:443 localhost:3000 | ||||
| > [listening] telebit.cloud:443 <= localhost:3000 | ||||
| sclient whatever.com:443 localhost:3000 | ||||
| 
 | ||||
| > [listening] whatever.com:443 <= localhost:3000 | ||||
| ``` | ||||
| 
 | ||||
| Connect via Telnet | ||||
| 
 | ||||
| ```bash | ||||
| $ telnet localhost 3000 | ||||
| telnet localhost 3000 | ||||
| ``` | ||||
| 
 | ||||
| Connect via netcat (nc) | ||||
| 
 | ||||
| ```bash | ||||
| $ nc localhost 3000 | ||||
| nc localhost 3000 | ||||
| ``` | ||||
| 
 | ||||
| cURL | ||||
| 
 | ||||
| ```bash | ||||
| curl http://localhost:3000 -H 'Host: whatever.com' | ||||
| ``` | ||||
| 
 | ||||
| A poor man's (or Windows user's) makeshift replacement for `openssl s_client`, `stunnel`, or `socat`. | ||||
| 
 | ||||
| Install | ||||
| ======= | ||||
| # Table of Contents | ||||
| 
 | ||||
| ### macOS, Linux, Windows | ||||
| - [Install](#install) | ||||
| - [Usage](#usage) | ||||
| - [Examples](#examples) | ||||
| - [Build from Source](#build-from-source) | ||||
| 
 | ||||
| For the moment you'll have to install go and compile `sclient` yourself: | ||||
| # Install | ||||
| 
 | ||||
| * <https://golang.org/doc/install#install> | ||||
| ### Mac, Linux | ||||
| 
 | ||||
| ```bash | ||||
| git clone https://git.coolaj86.com/coolaj86/sclient.go.git | ||||
| pushd sclient.go | ||||
| go build sclient*.go | ||||
| rsync -av sclient-cli /usr/local/bin/sclient | ||||
| curl -sS https://webinstall.dev/sclient | bash | ||||
| ``` | ||||
| 
 | ||||
| ```bash | ||||
| go run sclient*.go example.com:443 localhost:3000 | ||||
| curl.exe -A MS https://webinstall.dev/sclient | powershell | ||||
| ``` | ||||
| 
 | ||||
| Usage | ||||
| ===== | ||||
| ### Downloads | ||||
| 
 | ||||
| Check the [Github Releases](https://github.com/therootcompany/sclient/releases) for | ||||
| 
 | ||||
| - macOS (x64) Apple Silicon [coming soon](https://github.com/golang/go/issues/39782) | ||||
| - Linux (x64, i386, arm64, arm6, arm7) | ||||
| - Windows 10 (x64, i386) | ||||
| 
 | ||||
| # Usage | ||||
| 
 | ||||
| ```bash | ||||
| sclient <remote> <local> [-k | --insecure] | ||||
| sclient [flags] <remote> <local> | ||||
| ``` | ||||
| 
 | ||||
| * remote | ||||
|   * must have servername (i.e. example.com) | ||||
|   * port is optional (default is 443) | ||||
| * local | ||||
|   * address is optional (default is localhost) | ||||
|   * must have port (i.e. 3000) | ||||
| - flags | ||||
|   - -k, --insecure ignore invalid TLS (SSL/HTTPS) certificates | ||||
|   - --servername <string> spoof SNI (to disable use IP as <remote> and do not use this option) | ||||
| - remote | ||||
|   - must have servername (i.e. example.com) | ||||
|   - port is optional (default is 443) | ||||
| - local | ||||
|   - address is optional (default is localhost) | ||||
|   - must have port (i.e. 3000) | ||||
| 
 | ||||
| Examples | ||||
| ======== | ||||
| # Examples | ||||
| 
 | ||||
| Bridge between `telebit.cloud` and local port `3000`. | ||||
| 
 | ||||
| @ -78,5 +92,60 @@ sclient telebit.cloud:443 localhost:3000 | ||||
| Ignore a bad TLS/SSL/HTTPS certificate and connect anyway. | ||||
| 
 | ||||
| ```bash | ||||
| sclient badtls.telebit.cloud:443 localhost:3000 -k | ||||
| sclient -k badtls.telebit.cloud:443 localhost:3000 | ||||
| ``` | ||||
| 
 | ||||
| Reading from stdin | ||||
| 
 | ||||
| ```bash | ||||
| sclient telebit.cloud:443 - | ||||
| ``` | ||||
| 
 | ||||
| ```bash | ||||
| sclient telebit.cloud:443 - </path/to/file | ||||
| ``` | ||||
| 
 | ||||
| Piping | ||||
| 
 | ||||
| ```bash | ||||
| printf "GET / HTTP/1.1\r\nHost: telebit.cloud\r\n\r\n" | sclient telebit.cloud:443 | ||||
| ``` | ||||
| 
 | ||||
| Testing for security vulnerabilities on the remote: | ||||
| 
 | ||||
| ```bash | ||||
| sclient --servername "Robert'); DROP TABLE Students;" -k example.com localhost:3000 | ||||
| ``` | ||||
| 
 | ||||
| ```bash | ||||
| sclient --servername "../../../.hidden/private.txt" -k example.com localhost:3000 | ||||
| ``` | ||||
| 
 | ||||
| # Build from source | ||||
| 
 | ||||
| You'll need to install [Go](https://golang.org). | ||||
| See [webinstall.dev/golang](https://webinstall.dev/golang) for install instructions. | ||||
| 
 | ||||
| ```bash | ||||
| curl -sS https://webinstall.dev/golang | bash | ||||
| ``` | ||||
| 
 | ||||
| Then you can install and run as per usual. | ||||
| 
 | ||||
| ```bash | ||||
| git clone https://git.rootprojects.org/root/sclient.go.git | ||||
| 
 | ||||
| pushd sclient.go | ||||
|   go build -o dist/sclient cmd/sclient/main.go | ||||
|   sudo rsync -av dist/sclient /usr/local/bin/sclient | ||||
| popd | ||||
| 
 | ||||
| sclient example.com:443 localhost:3000 | ||||
| ``` | ||||
| 
 | ||||
| ## Install or Run with Go | ||||
| 
 | ||||
| ```bash | ||||
| go get git.rootprojects.org/root/sclient.go/cmd/sclient | ||||
| go run git.rootprojects.org/root/sclient.go/cmd/sclient example.com:443 localhost:3000 | ||||
| ``` | ||||
|  | ||||
							
								
								
									
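--- a/cmd/sclient/main.go
+++ b/cmd/sclient/main.go
@@ -0,0 +1,126 @@
+package main
+
+import (
+	"flag"
+	"fmt"
+	"os"
+	"strconv"
+	"strings"
+
+	sclient "git.rootprojects.org/root/sclient.go"
+)
+
+var (
+	// commit refers to the abbreviated commit hash
+	commit = "0000000"
+	// version refers to the most recent tag, plus any commits made since then
+	version = "v0.0.0-pre0+0000000"
+	// GitTimestamp refers to the timestamp of the most recent commit
+	date = "0000-00-00T00:00:00+0000"
+)
+
+func ver() string {
+	return fmt.Sprintf("sclient %s (%s) %s", version, commit[:7], date)
+}
+
+func usage() {
+	fmt.Fprintf(os.Stderr, "\n%s\n"+
+		"\nusage: sclient <remote> <local>\n"+
+		"\n"+
+		"   ex: sclient example.com 3000\n"+
+		"      (sclient example.com:443 localhost:3000)\n"+
+		"\n"+
+		"   ex: sclient example.com:8443 0.0.0.0:4080\n"+
+		"\n"+
+		"   ex: sclient example.com:443 -\n"+
+		"\n", ver())
+	flag.PrintDefaults()
+	fmt.Println()
+}
+
+func main() {
+	if len(os.Args) >= 2 {
+		if "version" == strings.TrimLeft(os.Args[1], "-") {
+			fmt.Printf("%s\n", ver())
+			os.Exit(0)
+			return
+		}
+	}
+
+	flag.Usage = usage
+	insecure := flag.Bool("k", false, "alias for --insecure")
+	silent := flag.Bool("s", false, "alias of --silent")
+	servername := flag.String("servername", "", "specify a servername different from <remote> (to disable SNI use an IP as <remote> and do use this option)")
+	flag.BoolVar(insecure, "insecure", false, "ignore bad TLS/SSL/HTTPS certificates")
+	flag.BoolVar(silent, "silent", false, "less verbose output")
+	flag.Parse()
+	remotestr := flag.Arg(0)
+	localstr := flag.Arg(1)
+
+	i := flag.NArg()
+	if 2 != i {
+		// We may omit the second argument if we're going straight to stdin
+		if stat, _ := os.Stdin.Stat(); 1 == i && (stat.Mode()&os.ModeCharDevice) == 0 {
+			localstr = "|"
+		} else {
+			usage()
+			os.Exit(1)
+		}
+	}
+
+	sclient := &sclient.Tunnel{
+		RemotePort:         443,
+		LocalAddress:       "localhost",
+		InsecureSkipVerify: *insecure,
+		ServerName:         *servername,
+		Silent:             *silent,
+	}
+
+	remote := strings.Split(remotestr, ":")
+	//remoteAddr, remotePort, err := net.SplitHostPort(remotestr)
+	if 2 == len(remote) {
+		rport, err := strconv.Atoi(remote[1])
+		if nil != err {
+			usage()
+			os.Exit(0)
+		}
+		sclient.RemotePort = rport
+	} else if 1 != len(remote) {
+		usage()
+		os.Exit(0)
+	}
+	sclient.RemoteAddress = remote[0]
+
+	if "-" == localstr || "|" == localstr {
+		// User may specify stdin/stdout instead of net
+		sclient.LocalAddress = localstr
+		sclient.LocalPort = -1
+	} else {
+		// Test that argument is a local address
+		local := strings.Split(localstr, ":")
+
+		if 1 == len(local) {
+			lport, err := strconv.Atoi(local[0])
+			if nil != err {
+				usage()
+				os.Exit(0)
+			}
+			sclient.LocalPort = lport
+		} else {
+			lport, err := strconv.Atoi(local[1])
+			if nil != err {
+				usage()
+				os.Exit(0)
+			}
+			sclient.LocalAddress = local[0]
+			sclient.LocalPort = lport
+		}
+	}
+
+	err := sclient.DialAndListen()
+	if nil != err {
+		fmt.Fprintf(os.Stderr, "%s\n", err)
+		//usage()
+		//os.Exit(6)
+	}
+}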
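Review bot: In `main`, a failed `sclient.DialAndListen()` only prints the error and the process still exits with status 0, and every `strconv.Atoi` failure branch calls `os.Exit(0)` too, so a wrapper script or service manager cannot tell a tunnel that never started from one that ran. Suggest `os.Exit(1)` after the final `fmt.Fprintf(os.Stderr, "%s\n", err)` and in the parse-error branches, matching the `os.Exit(1)` already used for the wrong argument count. The `--servername` help text reads `do use this option` where the README in this commit says `do not use this option`, so the guidance on disabling SNI looks inverted. `stat, _ := os.Stdin.Stat()` also discards an error that would leave `stat` nil when `stat.Mode()` is called.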
							
								
								
									
										43
									
								
								doc.go
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
									
								
							| @ -0,0 +1,43 @@ | ||||
| /* | ||||
| sclient unwraps SSL. | ||||
| 
 | ||||
| It makes secure remote connections (such as HTTPS) available locally as plain-text connections - | ||||
| similar to `stunnel` or `openssl s_client`. | ||||
| 
 | ||||
| There are a variety of reasons that you might want to do that, | ||||
| but we created it specifically to be able to upgrade applications with legacy | ||||
| security protocols - like SSH, OpenVPN, and Postgres - to take | ||||
| advantage of the features of modern TLS, such as ALPN and SNI | ||||
| (which makes them routable through almost every type of firewall). | ||||
| 
 | ||||
| See https://telebit.cloud/sclient for more info. | ||||
| 
 | ||||
| Package Basics | ||||
| 
 | ||||
| In the simplest case you'll just be setting a ServerName and connection info: | ||||
| 
 | ||||
| 	servername := "example.com" | ||||
| 
 | ||||
| 	sclient := &sclient.Tunnel{ | ||||
| 		ServerName:         servername, | ||||
| 		RemoteAddress:      servername, | ||||
| 		RemotePort:         443, | ||||
| 		LocalAddress:       "localhost", | ||||
| 		LocalPort:          3000, | ||||
| 	} | ||||
| 
 | ||||
| 	err := sclient.DialAndListen() | ||||
| 
 | ||||
| Try the CLI | ||||
| 
 | ||||
| If you'd like to better understand what sclient does, you can try it out with `go run`: | ||||
| 
 | ||||
| 	go get git.rootprojects.org/root/sclient.go/cmd/sclient | ||||
| 	go run git.rootprojects.org/root/sclient.go/cmd/sclient example.com:443 localhost:3000 | ||||
| 	curl http://localhost:3000 -H "Host: example.com" | ||||
| 
 | ||||
| Pre-built versions for various platforms are also available at | ||||
| https://telebit.cloud/sclient | ||||
| 
 | ||||
| */ | ||||
| package sclient | ||||
| @ -1,82 +0,0 @@ | ||||
| package main | ||||
| 
 | ||||
| import ( | ||||
| 	"flag" | ||||
| 	"fmt" | ||||
| 	"os" | ||||
| 	"strconv" | ||||
| 	"strings" | ||||
| ) | ||||
| 
 | ||||
| func usage() { | ||||
| 	fmt.Fprintf(os.Stderr, "\nusage: go run sclient*.go <remote> <local>\n"+ | ||||
| 		"\n"+ | ||||
| 		"   ex: sclient example.com 3000\n"+ | ||||
| 		"      (sclient example.com:443 localhost:3000)\n"+ | ||||
| 		"\n"+ | ||||
| 		"   ex: sclient example.com:8443 0.0.0.0:4080\n"+ | ||||
| 		"\n") | ||||
| 	flag.PrintDefaults() | ||||
| 	fmt.Println() | ||||
| } | ||||
| 
 | ||||
| func main() { | ||||
| 	flag.Usage = usage | ||||
| 	insecure := flag.Bool("k", false, "ignore bad TLS/SSL/HTTPS certificates") | ||||
| 	flag.BoolVar(insecure, "insecure", false, "ignore bad TLS/SSL/HTTPS certificates") | ||||
| 	flag.Parse() | ||||
| 
 | ||||
| 	// NArg, Arg, Args | ||||
| 	i := flag.NArg() | ||||
| 	if 2 != i { | ||||
| 		usage() | ||||
| 		os.Exit(0) | ||||
| 	} | ||||
| 
 | ||||
| 	opts := &SclientOpts{} | ||||
| 	opts.RemotePort = 443 | ||||
| 	opts.LocalAddress = "localhost" | ||||
| 	opts.InsecureSkipVerify = *insecure | ||||
| 
 | ||||
| 	remote := strings.Split(flag.Arg(0), ":") | ||||
| 	//remoteAddr, remotePort, err := net.SplitHostPort(flag.Arg(0)) | ||||
| 	if 2 == len(remote) { | ||||
| 		rport, err := strconv.Atoi(remote[1]) | ||||
| 		if nil != err { | ||||
| 			usage() | ||||
| 			os.Exit(0) | ||||
| 		} | ||||
| 		opts.RemotePort = rport | ||||
| 	} else if 1 != len(remote) { | ||||
| 		usage() | ||||
| 		os.Exit(0) | ||||
| 	} | ||||
| 	opts.RemoteAddress = remote[0] | ||||
| 
 | ||||
| 	local := strings.Split(flag.Arg(1), ":") | ||||
| 	//localAddr, localPort, err := net.SplitHostPort(flag.Arg(0)) | ||||
| 
 | ||||
| 	if 1 == len(local) { | ||||
| 		lport, err := strconv.Atoi(local[0]) | ||||
| 		if nil != err { | ||||
| 			usage() | ||||
| 			os.Exit(0) | ||||
| 		} | ||||
| 		opts.LocalPort = lport | ||||
| 	} else { | ||||
| 		lport, err := strconv.Atoi(local[1]) | ||||
| 		if nil != err { | ||||
| 			usage() | ||||
| 			os.Exit(0) | ||||
| 		} | ||||
| 		opts.LocalAddress = local[0] | ||||
| 		opts.LocalPort = lport | ||||
| 	} | ||||
| 
 | ||||
| 	sclient := &Sclient{} | ||||
| 	err := sclient.DialAndListen(opts) | ||||
| 	if nil != err { | ||||
| 		usage() | ||||
| 		os.Exit(0) | ||||
| 	} | ||||
| } | ||||
							
								
								
									
										143
									
								
								sclient.go
									
									
									
									
									
								
							
							
						
						
									
									
									
									
									
									
								
							| @ -1,4 +1,4 @@ | ||||
| package main | ||||
| package sclient | ||||
| 
 | ||||
| import ( | ||||
| 	"crypto/tls" | ||||
| @ -10,27 +10,110 @@ import ( | ||||
| 	"strings" | ||||
| ) | ||||
| 
 | ||||
| type SclientOpts struct { | ||||
| // Tunnel specifies which remote encrypted connection to make available as a plain connection locally. | ||||
| type Tunnel struct { | ||||
| 	RemoteAddress      string | ||||
| 	RemotePort         int | ||||
| 	LocalAddress       string | ||||
| 	LocalPort          int | ||||
| 	InsecureSkipVerify bool | ||||
| 	ServerName         string | ||||
| 	Silent             bool | ||||
| } | ||||
| 
 | ||||
| type Sclient struct{} | ||||
| // DialAndListen will create a test TLS connection to the remote address and then | ||||
| // begin listening locally. Each local connection will result in a separate remote connection. | ||||
| func (t *Tunnel) DialAndListen() error { | ||||
| 	remote := t.RemoteAddress + ":" + strconv.Itoa(t.RemotePort) | ||||
| 	conn, err := tls.Dial("tcp", remote, | ||||
| 		&tls.Config{ | ||||
| 			ServerName:         t.ServerName, | ||||
| 			InsecureSkipVerify: t.InsecureSkipVerify, | ||||
| 		}) | ||||
| 
 | ||||
| func pipe(r net.Conn, w net.Conn, t string) { | ||||
| 	if err != nil { | ||||
| 		fmt.Fprintf(os.Stderr, "[warn] '%s' may not be accepting connections: %s\n", remote, err) | ||||
| 	} else { | ||||
| 		conn.Close() | ||||
| 	} | ||||
| 
 | ||||
| 	// use stdin/stdout | ||||
| 	if "-" == t.LocalAddress || "|" == t.LocalAddress { | ||||
| 		var name string | ||||
| 		network := "stdio" | ||||
| 		if "|" == t.LocalAddress { | ||||
| 			name = "pipe" | ||||
| 		} else { | ||||
| 			name = "stdin" | ||||
| 		} | ||||
| 		conn := &stdnet{os.Stdin, os.Stdout, &stdaddr{net.UnixAddr{Name: name, Net: network}}} | ||||
| 		t.handleConnection(remote, conn) | ||||
| 		return nil | ||||
| 	} | ||||
| 
 | ||||
| 	// use net.Conn | ||||
| 	local := t.LocalAddress + ":" + strconv.Itoa(t.LocalPort) | ||||
| 	ln, err := net.Listen("tcp", local) | ||||
| 	if err != nil { | ||||
| 		return err | ||||
| 	} | ||||
| 
 | ||||
| 	if !t.Silent { | ||||
| 		fmt.Fprintf(os.Stdout, "[listening] %s:%d <= %s:%d\n", | ||||
| 			t.RemoteAddress, t.RemotePort, t.LocalAddress, t.LocalPort) | ||||
| 	} | ||||
| 
 | ||||
| 	for { | ||||
| 		conn, err := ln.Accept() | ||||
| 		if nil != err { | ||||
| 			fmt.Fprintf(os.Stderr, "[error] %s\n", err) | ||||
| 			continue | ||||
| 		} | ||||
| 		go t.handleConnection(remote, conn) | ||||
| 	} | ||||
| } | ||||
| 
 | ||||
| // I wonder if I can get this to exactly mirror UnixAddr without passing it in | ||||
| type stdaddr struct { | ||||
| 	net.UnixAddr | ||||
| } | ||||
| 
 | ||||
| type stdnet struct { | ||||
| 	in   *os.File // os.Stdin | ||||
| 	out  *os.File // os.Stdout | ||||
| 	addr *stdaddr | ||||
| } | ||||
| 
 | ||||
| func (rw *stdnet) Read(buf []byte) (n int, err error) { | ||||
| 	return rw.in.Read(buf) | ||||
| } | ||||
| func (rw *stdnet) Write(buf []byte) (n int, err error) { | ||||
| 	return rw.out.Write(buf) | ||||
| } | ||||
| func (rw *stdnet) Close() error { | ||||
| 	return rw.in.Close() | ||||
| } | ||||
| func (rw *stdnet) RemoteAddr() net.Addr { | ||||
| 	return rw.addr | ||||
| } | ||||
| 
 | ||||
| // not all of net.Conn, just RWC and RemoteAddr() | ||||
| type netReadWriteCloser interface { | ||||
| 	io.ReadWriteCloser | ||||
| 	RemoteAddr() net.Addr | ||||
| } | ||||
| 
 | ||||
| func pipe(r netReadWriteCloser, w netReadWriteCloser, t string) { | ||||
| 	buffer := make([]byte, 2048) | ||||
| 	for { | ||||
| 		done := false | ||||
| 		// NOTE: count may be > 0 even if there's an err | ||||
| 		count, err := r.Read(buffer) | ||||
| 		//fmt.Fprintf(os.Stdout, "[debug] (%s) reading\n", t) | ||||
| 		count, err := r.Read(buffer) | ||||
| 		if nil != err { | ||||
| 			//fmt.Fprintf(os.Stdout, "[debug] (%s:%d) error reading %s\n", t, count, err) | ||||
| 			if io.EOF != err { | ||||
| 				fmt.Fprintf(os.Stderr, "[read error] (%s:%s) %s\n", t, count, err) | ||||
| 				fmt.Fprintf(os.Stderr, "[read error] (%s:%d) %s\n", t, count, err) | ||||
| 			} | ||||
| 			r.Close() | ||||
| 			//w.Close() | ||||
| @ -56,9 +139,12 @@ func pipe(r net.Conn, w net.Conn, t string) { | ||||
| 	} | ||||
| } | ||||
| 
 | ||||
| func handleConnection(remote string, conn net.Conn, opts *SclientOpts) { | ||||
| func (t *Tunnel) handleConnection(remote string, conn netReadWriteCloser) { | ||||
| 	sclient, err := tls.Dial("tcp", remote, | ||||
| 		&tls.Config{InsecureSkipVerify: opts.InsecureSkipVerify}) | ||||
| 		&tls.Config{ | ||||
| 			ServerName:         t.ServerName, | ||||
| 			InsecureSkipVerify: t.InsecureSkipVerify, | ||||
| 		}) | ||||
| 
 | ||||
| 	if err != nil { | ||||
| 		fmt.Fprintf(os.Stderr, "[error] (remote) %s\n", err) | ||||
| @ -66,39 +152,16 @@ func handleConnection(remote string, conn net.Conn, opts *SclientOpts) { | ||||
| 		return | ||||
| 	} | ||||
| 
 | ||||
| 	fmt.Fprintf(os.Stdout, "[connect] %s => %s:%d\n", | ||||
| 		strings.Replace(conn.RemoteAddr().String(), "[::1]:", "localhost:", 1), opts.RemoteAddress, opts.RemotePort) | ||||
| 	if !t.Silent { | ||||
| 		if "stdio" == conn.RemoteAddr().Network() { | ||||
| 			fmt.Fprintf(os.Stdout, "(connected to %s:%d and reading from %s)\n", | ||||
| 				t.RemoteAddress, t.RemotePort, conn.RemoteAddr().String()) | ||||
| 		} else { | ||||
| 			fmt.Fprintf(os.Stdout, "[connect] %s => %s:%d\n", | ||||
| 				strings.Replace(conn.RemoteAddr().String(), "[::1]:", "localhost:", 1), t.RemoteAddress, t.RemotePort) | ||||
| 		} | ||||
| 	} | ||||
| 
 | ||||
| 	go pipe(conn, sclient, "local") | ||||
| 	pipe(sclient, conn, "remote") | ||||
| } | ||||
| 
 | ||||
| func (*Sclient) DialAndListen(opts *SclientOpts) error { | ||||
| 	remote := opts.RemoteAddress + ":" + strconv.Itoa(opts.RemotePort) | ||||
| 	conn, err := tls.Dial("tcp", remote, | ||||
| 		&tls.Config{InsecureSkipVerify: opts.InsecureSkipVerify}) | ||||
| 
 | ||||
| 	if err != nil { | ||||
| 		fmt.Fprintf(os.Stderr, "[warn] '%s' may not be accepting connections: %s\n", remote, err) | ||||
| 	} else { | ||||
| 		conn.Close() | ||||
| 	} | ||||
| 
 | ||||
| 	local := opts.LocalAddress + ":" + strconv.Itoa(opts.LocalPort) | ||||
| 	ln, err := net.Listen("tcp", local) | ||||
| 	if err != nil { | ||||
| 		return err | ||||
| 	} | ||||
| 
 | ||||
| 	fmt.Fprintf(os.Stdout, "[listening] %s:%d <= %s:%d\n", | ||||
| 		opts.RemoteAddress, opts.RemotePort, opts.LocalAddress, opts.LocalPort) | ||||
| 
 | ||||
| 	for { | ||||
| 		conn, err := ln.Accept() | ||||
| 		if nil != err { | ||||
| 			fmt.Fprintf(os.Stderr, "[error] %s\n", err) | ||||
| 			continue | ||||
| 		} | ||||
| 		go handleConnection(remote, conn, opts) | ||||
| 	} | ||||
| } | ||||
|  | ||||
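Review bot: The new `Tunnel` fields `ServerName` and `InsecureSkipVerify` are copied straight into `tls.Config` in both `DialAndListen` and `handleConnection`, but the struct comment does not say what they mean for trust. Go's `crypto/tls` uses `ServerName` both for SNI and as the name the peer certificate is verified against, so a `--servername` override changes which certificate is accepted, not only what is sent. I would document the fields, e.g. `// ServerName is sent as SNI and is the name the remote certificate is verified against; when empty, tls.Dial derives it from RemoteAddress.` and `// LocalAddress is the listen address; anything other than loopback serves the decrypted stream to every host that can reach LocalPort.` In the accept loop, `continue` on every `ln.Accept()` error will spin if the error is persistent, so a short back-off or returning the error would be safer. `handleConnection` and `pipe` are only partly visible in these hunks.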
							
								
								
									
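--- a/staticcheck.conf
+++ b/staticcheck.conf
@@ -0,0 +1,11 @@
+# I like my yoda conditions ST1017
+checks = ["all", "-ST1017", "-ST1000", "-ST1003", "-ST1016", "-ST1020", "-ST1021", "-ST1022", "-ST1023"]
+initialisms = ["ACL", "API", "ASCII", "CPU", "CSS", "DNS",
+	"EOF", "GUID", "HTML", "HTTP", "HTTPS", "ID",
+	"IP", "JSON", "QPS", "RAM", "RPC", "SLA",
+	"SMTP", "SQL", "SSH", "TCP", "TLS", "TTL",
+	"UDP", "UI", "GID", "UID", "UUID", "URI",
+	"URL", "UTF8", "VM", "XML", "XMPP", "XSRF",
+	"XSS", "SIP", "RTP", "AMQP", "DB", "TS"]
+dot_import_whitelist = []
+http_status_code_whitelist = ["200", "400", "404", "500"]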
							
								
								
									
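--- a/tests/get.bin
+++ b/tests/get.bin
@@ -0,0 +1,5 @@
+GET / HTTP/1.1
+Host: telebit.cloud
+Connection: close
+
+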
							
								
								
									
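--- a/tests/localhost.sh
+++ b/tests/localhost.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+go run -race sclient*.go telebit.cloud:443 localhost:3000 &
+my_pid=$!
+sleep 5
+
+netcat localhost 3000 < tests/get.bin
+kill $my_pid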
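Review bot: `go run -race sclient*.go` no longer names a main package: in this same commit `sclient.go` becomes `package sclient` and the entry point moves to `cmd/sclient/main.go`, so this script, `tests/pipe.sh` and `tests/stdin.sh` will likely fail to build before they exercise the tunnel. Suggest `go run -race ./cmd/sclient telebit.cloud:443 localhost:3000 &` here and the same package path in the other two scripts. The fixed `sleep 5` is also the only wait for the listener, so on a slow build `netcat` may connect before the port is open.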
							
								
								
									
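--- a/tests/pipe.sh
+++ b/tests/pipe.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+cat tests/get.bin | go run -race sclient*.go telebit.cloud:443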
							
								
								
									
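--- a/tests/stdin.sh
+++ b/tests/stdin.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+go run -race sclient*.go telebit.cloud:443 - < ./tests/get.bin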