X-Git-Url: https://git.josue.xyz/?a=blobdiff_plain;f=sclient%2FREADME.md;fp=sclient%2FREADME.md;h=db356ac2516a28d562663d5a3a329a40e5b9386f;hb=9aa31c51676f22996a1f26d921d3acb037f5cfad;hp=0000000000000000000000000000000000000000;hpb=9726de49670ecb53d02d5eb9218e62324e15c821;p=webi-installers%2F.git
diff --git a/sclient/README.md b/sclient/README.md
new file mode 100644
index 0000000..db356ac
--- /dev/null
+++ b/sclient/README.md
@@ -0,0 +1,119 @@
+---
+title: sclient
+homepage: https://github.com/therootcompany/sclient
+tagline: |
+ sclient: a cross-platform tool to unwrap TLS as plain text.
+---
+
+To update or switch versions, run `webi sclient@stable`.
+
+## Cheat Sheet
+
+> sclient unwraps encrypted connections (HTTPS/TLS/SSL) so that you can work
+> with them as as plain text (or binary). Great for debugging web services, and
+> security research.
+>
+> Think of it like netcat (or socat) + openssl s_client.
+
+You can _literally_ use this on example.com:
+
+```bash
+sclient example.com:443 localhost:3000
+```
+
+To use it with an http client, just set the Host header to the original domain:
+
+```bash
+curl -H "Host: example.com" http://localhost:3000
+```
+
+```html
+
+
+
+ Example Domain
+ This domain is for use in illustrative examples in documents. You may use
+ this domain in literature without prior coordination or asking for
+ permission.
+ More information...
+
+
+```
+
+### How to Proxy SSH over SSL
+
+SSH can be tunneled within HTTPS, TLS, SSL, WebSockets, etc.
+
+```bash
+ssh -o ProxyCommand="sclient %h" jon.telebit.io
+```
+
+This is useful to be able to connect to SSH even from behind a corporate
+packet-inspection firewall. It can also be used to multiplex and relay multiple
+ssh connections through a single host.
+
+### How to unwrap TLS for Telnet (HTTP/HTTPS)
+
+```bash
+sclient example.com:443 localhost:3000
+```
+
+```bash
+telnet localhost 3000
+```
+
+### How to unwrap TLS for SMTP/SMTPS/STARTTLS
+
+```bash
+sclient smtp.gmail.com:465 localhost:2525
+```
+
+```bash
+telnet localhost 2525
+
+Trying 127.0.0.1...
+Connected to localhost.
+Escape character is '^]'.
+220 smtp.gmail.com ESMTP c79-v6sm37968282pfb.147 - gsmtp
+```
+
+### How to use with stdin / stdout
+
+```bash
+sclient whatever.com -
+```
+
+Use just like netcat or telnet. A manual HTTP request, for example:
+
+```txt
+> GET / HTTP/1.1
+> Host: whatever.com
+> Connection: close
+>
+```
+
+### How to pipe connections
+
+```bash
+printf "GET / HTTP/1.1\r\nHost: telebit.cloud\r\n\r\n" | sclient telebit.cloud
+```
+
+### How to Spoof SNI
+
+Sometimes you want to check to see if your site is vulnerable to SNI-spoofing
+attacks, such as Domain Fronting.
+
+The literal domains `example.net` and `example.com` are _actually_ vulnerable to
+SNI spoofing:
+
+```bash
+sclient --servername example.net example.com:443 localhost:3000
+curl -H "example.com" http://localhost:3000
+```
+
+Most domains, however, are not:
+
+```bash
+sclient --servername google.net google.com:443 localhost:3000
+curl -H "google.com" http://localhost:3000
+```