--- /dev/null
+---
+title: sclient
+homepage: https://github.com/therootcompany/sclient
+tagline: |
+ sclient: a cross-platform tool to unwrap TLS as plain text.
+---
+
+To update or switch versions, run `webi sclient@stable`.
+
+## Cheat Sheet
+
+> sclient unwraps encrypted connections (HTTPS/TLS/SSL) so that you can work
+> with them as as plain text (or binary). Great for debugging web services, and
+> security research.
+>
+> Think of it like netcat (or socat) + openssl s_client.
+
+You can _literally_ use this on example.com:
+
+```bash
+sclient example.com:443 localhost:3000
+```
+
+To use it with an http client, just set the Host header to the original domain:
+
+```bash
+curl -H "Host: example.com" http://localhost:3000
+```
+
+```html
+<!DOCTYPE html>
+<html>
+ <body>
+ <h1>Example Domain</h1>
+ This domain is for use in illustrative examples in documents. You may use
+ this domain in literature without prior coordination or asking for
+ permission.
+ <a href="https://www.iana.org/domains/example">More information...</a>
+ </body>
+</html>
+```
+
+### How to Proxy SSH over SSL
+
+SSH can be tunneled within HTTPS, TLS, SSL, WebSockets, etc.
+
+```bash
+ssh -o ProxyCommand="sclient %h" jon.telebit.io
+```
+
+This is useful to be able to connect to SSH even from behind a corporate
+packet-inspection firewall. It can also be used to multiplex and relay multiple
+ssh connections through a single host.
+
+### How to unwrap TLS for Telnet (HTTP/HTTPS)
+
+```bash
+sclient example.com:443 localhost:3000
+```
+
+```bash
+telnet localhost 3000
+```
+
+### How to unwrap TLS for SMTP/SMTPS/STARTTLS
+
+```bash
+sclient smtp.gmail.com:465 localhost:2525
+```
+
+```bash
+telnet localhost 2525
+
+Trying 127.0.0.1...
+Connected to localhost.
+Escape character is '^]'.
+220 smtp.gmail.com ESMTP c79-v6sm37968282pfb.147 - gsmtp
+```
+
+### How to use with stdin / stdout
+
+```bash
+sclient whatever.com -
+```
+
+Use just like netcat or telnet. A manual HTTP request, for example:
+
+```txt
+> GET / HTTP/1.1
+> Host: whatever.com
+> Connection: close
+>
+```
+
+### How to pipe connections
+
+```bash
+printf "GET / HTTP/1.1\r\nHost: telebit.cloud\r\n\r\n" | sclient telebit.cloud
+```
+
+### How to Spoof SNI
+
+Sometimes you want to check to see if your site is vulnerable to SNI-spoofing
+attacks, such as Domain Fronting.
+
+The literal domains `example.net` and `example.com` are _actually_ vulnerable to
+SNI spoofing:
+
+```bash
+sclient --servername example.net example.com:443 localhost:3000
+curl -H "example.com" http://localhost:3000
+```
+
+Most domains, however, are not:
+
+```bash
+sclient --servername google.net google.com:443 localhost:3000
+curl -H "google.com" http://localhost:3000
+```
--- /dev/null
+#!/usr/bin/env pwsh
+
+###################
+# Install sclient #
+###################
+
+# Every package should define these variables
+$pkg_cmd_name = "sclient"
+
+$pkg_dst_cmd = "$Env:USERPROFILE\.local\bin\sclient.exe"
+$pkg_dst = "$pkg_dst_cmd"
+
+$pkg_src_cmd = "$Env:USERPROFILE\.local\opt\sclient-v$Env:WEBI_VERSION\bin\sclient.exe"
+$pkg_src_bin = "$Env:USERPROFILE\.local\opt\sclient-v$Env:WEBI_VERSION\bin"
+$pkg_src_dir = "$Env:USERPROFILE\.local\opt\sclient-v$Env:WEBI_VERSION"
+$pkg_src = "$pkg_src_cmd"
+
+$pkg_download = "$Env:USERPROFILE\Downloads\$Env:WEBI_PKG_FILE"
+
+# Fetch archive
+IF (!(Test-Path -Path "$Env:USERPROFILE\Downloads\$Env:WEBI_PKG_FILE"))
+{
+ # TODO: arch detection
+ echo "Downloading sclient from $Env:WEBI_PKG_URL to $pkg_download"
+ & curl.exe -A "$Env:WEBI_UA" -fsSL "$Env:WEBI_PKG_URL" -o "$pkg_download.part"
+ & move "$pkg_download.part" "$pkg_download"
+}
+
+IF (!(Test-Path -Path "$pkg_src_cmd"))
+{
+ echo "Installing sclient"
+
+ # TODO: create package-specific temp directory
+ # Enter tmp
+ pushd .local\tmp
+
+ # Remove any leftover tmp cruft
+ Remove-Item -Path ".\sclient-*" -Recurse -ErrorAction Ignore
+ Remove-Item -Path ".\sclient.exe" -Recurse -ErrorAction Ignore
+
+ # Unpack archive file into this temporary directory
+ # Windows BSD-tar handles zip. Imagine that.
+ echo "Unpacking $pkg_download"
+ & tar xf "$pkg_download"
+
+ # Settle unpacked archive into place
+ echo "Install Location: $pkg_src_cmd"
+ New-Item "$pkg_src_bin" -ItemType Directory -Force
+ Move-Item -Path ".\sclient.exe" -Destination "$pkg_src_bin"
+
+ # Exit tmp
+ popd
+}
+
+echo "Copying into '$pkg_dst_cmd' from '$pkg_src_cmd'"
+Remove-Item -Path "$pkg_dst_cmd" -Recurse -ErrorAction Ignore
+Copy-Item -Path "$pkg_src" -Destination "$pkg_dst" -Recurse
--- /dev/null
+#!/bin/bash
+
+function __init_sclient() {
+ set -e
+ set -u
+
+ ###################
+ # Install sclient #
+ ###################
+
+ # Every package should define these 6 variables
+ pkg_cmd_name="sclient"
+
+ pkg_dst_cmd="$HOME/.local/bin/sclient"
+ pkg_dst="$pkg_dst_cmd"
+
+ pkg_src_cmd="$HOME/.local/opt/sclient-v$WEBI_VERSION/bin/sclient"
+ pkg_src_dir="$HOME/.local/opt/sclient-v$WEBI_VERSION"
+ pkg_src="$pkg_src_cmd"
+
+ pkg_install() {
+ # $HOME/.local/opt/sclient-v1.3.3/bin
+ mkdir -p "$pkg_src_bin"
+
+ # mv ./sclient* "$HOME/.local/opt/sclient-v1.3.3/bin/sclient"
+ mv ./"$pkg_cmd_name"* "$pkg_src_cmd"
+
+ # chmod a+x "$HOME/.local/opt/sclient-v1.3.3/bin/sclient"
+ chmod a+x "$pkg_src_cmd"
+ }
+
+ pkg_get_current_version() {
+ # 'sclient version' has output in this format:
+ # sclient 1.3.3 (455db50) 2020-12-02T22:05:35Z
+ # This trims it down to just the version number:
+ # 1.3.3
+ echo "$(sclient --version 2>/dev/null | head -n 1 | cut -d' ' -f2 | sed 's:^v::')"
+ }
+
+}
+
+__init_sclient
--- /dev/null
+'use strict';
+
+var github = require('../_common/github.js');
+var owner = 'therootcompany';
+var repo = 'sclient';
+
+module.exports = function (request) {
+ return github(request, owner, repo).then(function (all) {
+ return all;
+ });
+};
+
+if (module === require.main) {
+ module.exports(require('@root/request')).then(function (all) {
+ all = require('../_webi/normalize.js')(all);
+ console.info(JSON.stringify(all));
+ });
+}
projects / webi-installers / .git / commitdiff