Awesome
sclient
Secure Client for exposing TLS (aka SSL) secured services as plain-text connections locally.
Also ideal for multiplexing a single port with multiple protocols using SNI.
Unwrap a TLS connection:
sclient whatever.com:443 localhost:3000
> [listening] whatever.com:443 <= localhost:3000
Connect via Telnet
telnet localhost 3000
Connect via netcat (nc)
nc localhost 3000
cURL
curl http://localhost:3000 -H 'Host: whatever.com'
A poor man's (or Windows user's) makeshift replacement for openssl s_client
,
stunnel
, or socat
.
Table of Contents
Install
Mac, Linux
curl -sS https://webinstall.dev/sclient | bash
curl.exe -A MS https://webinstall.dev/sclient | powershell
Downloads
Check the Github Releases for
- macOS (x64) Apple Silicon coming soon
- Linux (x64, i386, arm64, arm6, arm7)
- Windows 10 (x64, i386)
Usage
sclient [flags] <remote> <local>
-
flags
-s
,--silent
less verbose logging-k
,--insecure
ignore invalid TLS (SSL/HTTPS) certificates--servername <domain>
spoof SNI (to disable use IP as <remote> and do not use this option)--alpn <protocol-list>
-
remote
- must have servername (i.e. example.com)
- port is optional (default is 443)
-
local
- address is optional (default is localhost)
- must have port (i.e. 3000)
-alpn string acceptable protocols, ex: 'h2,http/1.1' 'http/1.1' (default) 'ssh' (default "http/1.1") -insecure ignore bad TLS/SSL/HTTPS certificates -k alias for --insecure -s alias of --silent -servername string specify a servername different from <remote> (to disable SNI use an IP as <remote> and do use this option) -silent less verbose output
Examples
Bridge between telebit.cloud
and local port 3000
.
sclient telebit.cloud 3000
Same as above, but more explicit
sclient telebit.cloud:443 localhost:3000
Ignore a bad TLS/SSL/HTTPS certificate and connect anyway.
sclient -k badtls.telebit.cloud:443 localhost:3000
Reading from stdin
sclient telebit.cloud:443 -
sclient telebit.cloud:443 - </path/to/file
Piping
printf "GET / HTTP/1.1\r\nHost: telebit.cloud\r\n\r\n" | sclient telebit.cloud:443
Testing for security vulnerabilities on the remote:
sclient --servername "Robert'); DROP TABLE Students;" -k example.com localhost:3000
sclient --servername "../../../.hidden/private.txt" -k example.com localhost:3000
API
See Go Docs.
Build from source
You'll need to install Go. See webinstall.dev/golang for install instructions.
curl -sS https://webinstall.dev/golang | bash
Then you can install and run as per usual.
git clone https://git.rootprojects.org/root/sclient.go.git
pushd sclient.go
go build -o dist/sclient cmd/sclient/main.go
sudo rsync -av dist/sclient /usr/local/bin/sclient
popd
sclient example.com:443 localhost:3000
Install or Run with Go
go get git.rootprojects.org/root/sclient.go/cmd/sclient
go run git.rootprojects.org/root/sclient.go/cmd/sclient example.com:443 localhost:3000