--- /dev/null
+---
+title: sclient
+homepage: https://github.com/therootcompany/sclient
+tagline: |
+ sclient: a cross-platform tool to unwrap TLS as plain text.
+---
+
+To update or switch versions, run `webi sclient@stable`.
+
+## Cheat Sheet
+
+> sclient unwraps encrypted connections (HTTPS/TLS/SSL) so that you can work
+> with them as as plain text (or binary). Great for debugging web services, and
+> security research.
+>
+> Think of it like netcat (or socat) + openssl s_client.
+
+You can _literally_ use this on example.com:
+
+```bash
+sclient example.com:443 localhost:3000
+```
+
+To use it with an http client, just set the Host header to the original domain:
+
+```bash
+curl -H "Host: example.com" http://localhost:3000
+```
+
+```html
+<!DOCTYPE html>
+<html>
+ <body>
+ <h1>Example Domain</h1>
+ This domain is for use in illustrative examples in documents. You may use
+ this domain in literature without prior coordination or asking for
+ permission.
+ <a href="https://www.iana.org/domains/example">More information...</a>
+ </body>
+</html>
+```
+
+### How to Proxy SSH over SSL
+
+SSH can be tunneled within HTTPS, TLS, SSL, WebSockets, etc.
+
+```bash
+ssh -o ProxyCommand="sclient %h" jon.telebit.io
+```
+
+This is useful to be able to connect to SSH even from behind a corporate
+packet-inspection firewall. It can also be used to multiplex and relay multiple
+ssh connections through a single host.
+
+### How to unwrap TLS for Telnet (HTTP/HTTPS)
+
+```bash
+sclient example.com:443 localhost:3000
+```
+
+```bash
+telnet localhost 3000
+```
+
+### How to unwrap TLS for SMTP/SMTPS/STARTTLS
+
+```bash
+sclient smtp.gmail.com:465 localhost:2525
+```
+
+```bash
+telnet localhost 2525
+
+Trying 127.0.0.1...
+Connected to localhost.
+Escape character is '^]'.
+220 smtp.gmail.com ESMTP c79-v6sm37968282pfb.147 - gsmtp
+```
+
+### How to use with stdin / stdout
+
+```bash
+sclient whatever.com -
+```
+
+Use just like netcat or telnet. A manual HTTP request, for example:
+
+```txt
+> GET / HTTP/1.1
+> Host: whatever.com
+> Connection: close
+>
+```
+
+### How to pipe connections
+
+```bash
+printf "GET / HTTP/1.1\r\nHost: telebit.cloud\r\n\r\n" | sclient telebit.cloud
+```
+
+### How to Spoof SNI
+
+Sometimes you want to check to see if your site is vulnerable to SNI-spoofing
+attacks, such as Domain Fronting.
+
+The literal domains `example.net` and `example.com` are _actually_ vulnerable to
+SNI spoofing:
+
+```bash
+sclient --servername example.net example.com:443 localhost:3000
+curl -H "example.com" http://localhost:3000
+```
+
+Most domains, however, are not:
+
+```bash
+sclient --servername google.net google.com:443 localhost:3000
+curl -H "google.com" http://localhost:3000
+```
projects / webi-installers / .git / blobdiff