sclient

package module
v1.5.0 Latest
Published: Oct 28, 2023 License: Apache-2.0, MIT Imports: 7 Imported by: 0

README

sclient

Secure Client for exposing TLS (aka SSL) secured services as plain-text connections locally.

Also ideal for multiplexing a single port with multiple protocols using SNI.

Unwrap a TLS connection:

sclient whatever.com:443 localhost:3000

> [listening] whatever.com:443 <= localhost:3000

Connect via Telnet

telnet localhost 3000

Connect via netcat (nc)

nc localhost 3000

cURL

curl http://localhost:3000 -H 'Host: whatever.com'

A poor man's (or Windows user's) makeshift replacement for openssl s_client, stunnel, or socat.

Install

Mac, Linux

curl -sS https://webinstall.dev/sclient | bash

Windows 10

curl.exe -A MS https://webinstall.dev/sclient | powershell

Downloads

Check the GitHub Releases for

  • macOS (x64) Apple Silicon coming soon
  • Linux (x64, i386, arm64, arm6, arm7)
  • Windows 10 (x64, i386)

Usage

sclient [flags] <remote> <local>
  • flags

    • -s, --silent less verbose logging
    • -k, --insecure ignore invalid TLS (SSL/HTTPS) certificates
    • --servername <domain> spoof SNI (to disable use IP as <remote> and do not use this option)
    • --alpn <protocol-list>
  • remote

    • must have servername (i.e. example.com)
    • port is optional (default is 443)
  • local

    • address is optional (default is localhost)
    • must have port (i.e. 3000)

    -alpn string
        acceptable protocols, ex: 'h2,http/1.1' 'http/1.1' (default) 'ssh' (default "http/1.1")
    -insecure
        ignore bad TLS/SSL/HTTPS certificates
    -k  alias for --insecure
    -s  alias of --silent
    -servername string
        specify a servername different from <remote> (to disable SNI use an IP as <remote> and do use this option)
    -silent
        less verbose output

Examples

Bridge between telebit.cloud and local port 3000.

sclient telebit.cloud 3000

Same as above, but more explicit

sclient telebit.cloud:443 localhost:3000

Ignore a bad TLS/SSL/HTTPS certificate and connect anyway (certificate verification is skipped, so the remote is not authenticated).

sclient -k badtls.telebit.cloud:443 localhost:3000

Reading from stdin

sclient telebit.cloud:443 -
sclient telebit.cloud:443 - </path/to/file

Piping

printf "GET / HTTP/1.1\r\nHost: telebit.cloud\r\n\r\n" | sclient telebit.cloud:443

Testing for security vulnerabilities on the remote:

sclient --servername "Robert'); DROP TABLE Students;" -k example.com localhost:3000
sclient --servername "../../../.hidden/private.txt" -k example.com localhost:3000
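
A server-side counterpart to the SNI probes above, as an added example (not part of sclient or its README): a Go check for `tls.Config.GetConfigForClient` that rejects any server name that is not a plain hostname on an allowlist. The `allowedHosts` entries and the function names `validSNI` and `checkSNI` are assumptions made for illustration.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"net"
	"strings"
)

// allowedHosts is a constructed allowlist (assumption, not from the page).
var allowedHosts = map[string]bool{"example.com": true, "ssh.example.com": true}

// validSNI reports whether name is a syntactically valid DNS hostname
// (letters, digits and hyphens per label) and not an IP literal.
func validSNI(name string) bool {
	if len(name) == 0 || len(name) > 253 || net.ParseIP(name) != nil {
		return false
	}
	for _, label := range strings.Split(name, ".") {
		if len(label) == 0 || len(label) > 63 || label[0] == '-' || label[len(label)-1] == '-' {
			return false
		}
		for _, c := range label {
			if !(c >= 'a' && c <= 'z' || c >= 'A' && c <= 'Z' || c >= '0' && c <= '9' || c == '-') {
				return false
			}
		}
	}
	return true
}

// checkSNI has the signature of tls.Config.GetConfigForClient. It fails the
// handshake before ServerName can reach routing, logs, SQL or file paths.
func checkSNI(hello *tls.ClientHelloInfo) (*tls.Config, error) {
	name := strings.ToLower(hello.ServerName)
	if !validSNI(name) || !allowedHosts[name] {
		return nil, errors.New("sni: rejected server name")
	}
	return nil, nil // nil config: the server's original tls.Config is used
}

func main() {
	// The last two values are the --servername probes shown above.
	for _, sni := range []string{"example.com", "Robert'); DROP TABLE Students;", "../../../.hidden/private.txt"} {
		_, err := checkSNI(&tls.ClientHelloInfo{ServerName: sni})
		fmt.Printf("%-34q rejected=%v\n", sni, err != nil)
	}
}
```

The syntax check still matters when the allowlist is built dynamically, since it keeps malformed names out of whatever lookup backs it.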

API

See Go Docs.

Build from source

You'll need to install Go. See webinstall.dev/golang for install instructions.

curl -sS https://webinstall.dev/golang | bash

Then you can install and run as per usual.

git clone https://git.rootprojects.org/root/sclient.go.git

pushd sclient.go
  go build -o dist/sclient cmd/sclient/main.go
  sudo rsync -av dist/sclient /usr/local/bin/sclient
popd

sclient example.com:443 localhost:3000

Install or Run with Go

go get git.rootprojects.org/root/sclient.go/cmd/sclient
go run git.rootprojects.org/root/sclient.go/cmd/sclient example.com:443 localhost:3000

Documentation

Overview

sclient unwraps SSL.

It makes secure remote connections (such as HTTPS) available locally as plain-text connections - similar to `stunnel` or `openssl s_client`.

There are a variety of reasons that you might want to do that, but we created it specifically to be able to upgrade applications with legacy security protocols - like SSH, OpenVPN, and Postgres - to take advantage of the features of modern TLS, such as ALPN and SNI (which makes them routable through almost every type of firewall).

See https://telebit.cloud/sclient for more info.

Package Basics

In the simplest case you'll just be setting a ServerName and connection info:

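package main

import (
	"log"

	sclient "git.rootprojects.org/root/sclient.go"
)

func main() {
	servername := "example.com"
	tunnel := &sclient.Tunnel{
		ServerName:    servername,
		RemoteAddress: servername,
		RemotePort:    443,
		LocalAddress:  "localhost",
		LocalPort:     3000,
	}
	// Makes a test TLS connection to the remote, then listens locally.
	if err := tunnel.DialAndListen(); err != nil {
		log.Fatal(err)
	}
}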

Try the CLI

If you'd like to better understand what sclient does, you can try it out with `go run`:

go get git.rootprojects.org/root/sclient.go/cmd/sclient
go run git.rootprojects.org/root/sclient.go/cmd/sclient example.com:443 localhost:3000
curl http://localhost:3000 -H "Host: example.com"

Pre-built versions for various platforms are also available at https://telebit.cloud/sclient

Types

type Tunnel added in v1.3.0

type Tunnel struct {
	RemoteAddress      string
	RemotePort         int
	LocalAddress       string
	LocalPort          int
	InsecureSkipVerify bool
	NextProtos         []string
	ServerName         string
	Silent             bool
}

Tunnel specifies which remote encrypted connection to make available as a plain connection locally.

func (*Tunnel) DialAndListen added in v1.3.0

func (t *Tunnel) DialAndListen() error

DialAndListen will create a test TLS connection to the remote address and then begin listening locally. Each local connection will result in a separate remote connection.

Directories

Path Synopsis
cmd
