{"id":13539442,"url":"https://github.com/mhzed/wstunnel","last_synced_at":"2025-04-02T06:30:56.519Z","repository":{"id":10835646,"uuid":"13114353","full_name":"mhzed/wstunnel","owner":"mhzed","description":"tunnel over websocket","archived":false,"fork":false,"pushed_at":"2024-02-20T21:20:33.000Z","size":211,"stargazers_count":563,"open_issues_count":7,"forks_count":151,"subscribers_count":21,"default_branch":"master","last_synced_at":"2024-04-24T13:19:09.387Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mhzed.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2013-09-26T06:09:37.000Z","updated_at":"2024-04-19T12:50:38.000Z","dependencies_parsed_at":"2024-01-07T22:48:56.074Z","dependency_job_id":"e7270d0d-4c9b-4e73-a9f7-c87f3b5d7c93","html_url":"https://github.com/mhzed/wstunnel","commit_stats":{"total_commits":72,"total_committers":10,"mean_commits":7.2,"dds":"0.36111111111111116","last_synced_commit":"736629a5a75aeaa81bc5b2391680425a8bff44b8"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mhzed%2Fwstunnel","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mhzed%2Fwstunnel/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mhzed%2Fwstunnel/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mhzed%2Fwstunnel/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mhzed","download_url":"https://codeload.github.com/mhzed/wstunnel/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246767710,"owners_count":20830539,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T09:01:25.961Z","updated_at":"2025-04-02T06:30:56.062Z","avatar_url":"https://github.com/mhzed.png","language":"JavaScript","funding_links":[],"categories":["\u003ca id=\"1a9934198e37d6d06b881705b863afc8\"\u003e\u003c/a\u003e通信\u0026\u0026代理\u0026\u0026反向代理\u0026\u0026隧道","\u003ca id=\"01e6651181d405ecdcd92a452989e7e0\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"56acb7c49c828d4715dce57410d490d1\"\u003e\u003c/a\u003e未分类-Proxy","\u003ca id=\"9d6789f22a280f5bb6491d1353b02384\"\u003e\u003c/a\u003e隧道\u0026\u0026穿透"],"readme":"# wstunnel\n\nEstablish a TCP socket tunnel over web socket connection, for circumventing strict firewalls.\n\n## Installation\n\nnpm install -g wstunnel\n\n## Usage\n\nRun the websocket tunnel server at port 8080 on all interfaces:\n\n    wstunnel -s 0.0.0.0:8080\n\nRun the websocket tunnel client:\n\n    wstunnel -t 33:2.2.2.2:33 ws://host:8080\n\nIn the above example, client picks the final tunnel destination, similar to ssh tunnel. Alternatively for security reason, you can lock tunnel destination on the server end, example:\n\n    Server:\n        wstunnel -s 0.0.0.0:8080 -t 2.2.2.2:33\n\n    Client:\n        wstunnel -t 33 ws://server:8080\n\nIn both examples, connection to localhost:33 on client will be tunneled to 2.2.2.2:33 on server via websocket connection in between.\n\nTo tell client to connect via http proxy, do:\n\n    wstunnel -t 33:2.2.2.2:33 -p http://[user:pass@]proxyhost:proxyport wss://server:443\n\nFor dev/test purpose, client can set '-c' option to disable ssl certificate check.\n\nThis also makes you vulnerable to MITM attack, so use with caution.\n\nTo get help, just run\n\n    wstunnel\n\n## Docker\n\nA public docker image \"mhzed/wstunnel\" is now available.\n\nExample:\n\n```\n# run as client to connect to wss://server.com, tunnel localhost:2244 to target.ip:22\ndocker run --rm -d -p 2244:2244 mhzed/wstunnel -t 0.0.0.0:2244:target.ip:22 wss://server.com\n```\n\nNotice \"-t 0.0.0.0:2244...\" above. By default wstunnel binds to localhost which is unreachable inside a docker container, so make sure to specify \"0.0.0.0\" to bind to all local IPs.\n\n## Use cases\n\nFor tunneling over strict firewalls: WebSocket is a part of the HTML5 standard, any reasonable firewall will unlikely be so strict as to break HTML5.\n\n### SSL setup\n\nCurrently wstunnel in server mode supports plain tcp socket only. For SSL support (highly recommended), setup a NGINX reverse proxy.\n\nOn server, wstunnel listens on localhost:8080:\n\n    wstunnel -s 8080\n\nOn server, run NGINX (\u003e=1.3.13) with sample configuration:\n\n    server {\n        listen   443;\n        server_name  mydomain.com;\n\n        ssl  on;\n        ssl_certificate  /path/to/my.crt\n        ssl_certificate_key  /path/to/my.key\n        ssl_session_timeout  5m;\n        ssl_protocols  SSLv2 SSLv3 TLSv1;\n        ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;\n        ssl_prefer_server_ciphers   on;\n\n        location / {\n            proxy_pass http://127.0.0.1:8080;\n            proxy_http_version 1.1;\n            proxy_set_header Upgrade $http_upgrade;\n            proxy_set_header Connection \"upgrade\";\n            proxy_set_header        Host            $host;\n            proxy_set_header        X-Real-IP       $remote_addr;\n            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;\n            proxy_set_header        X-Forwarded-Proto $scheme;\n        }\n    }\n\nThen on client:\n\n    wstunnel -t 99:targethost:targetport wss://mydomain.com\n\n### SSH Proxy\n\nTo use as a proxy for \"ssh\", run:\n\n```\nssh -o ProxyCommand=\"wstunnel -t stdio:%h:%p https://server\" user@sshDestination\n```\n\nAbove command will ssh to \"user@sshDestination\" via wstunnel server at \"https://server\".\n\n### RDP use case\n\nLet's say you want to use a Remote Desktop connection to a machine with IP 2.2.2.2  \nRun the wstunnel server on a different machine, tunneling to the destination on the RDP port 3389:\n\n         wstunnel -s 0.0.0.0:8080 -t 2.2.2.2:3389\n\nOn the destination, you need to tweak some registry settings to relax the security policy for Remote Desktop.\n\n        Open RegEdit, and navigate to the following key:\n        HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\WinStations\\RDP-Tcp\n        Change \"SecurityLayer\" to 0\n        Change \"SelectNetworkDetect\" to 0\n        Reboot\n\nOn the client, first start wstunnel:\n\n        wstunnel -t 3389 ws://server:8080\n\nNow you can just open Remote Desktop Connection and connect to `localhost`\n\n## Proxy\n\nWhen using socks proxy, ensure the host is IP address only, DNS name is not supported. For example:\n\n```\n# \"localhost\" won't work\nwstunnel -t 2255:sshhost:22 --proxy socks://localhost:3111 http://wsserver\n# instead, do:\nwstunnel -t 2255:sshhost:22 --proxy socks://127.0.0.1:3111 https://wsserver\n```\n\n## Http tunnel\n\nAn http tunnel will be established if websocket connection fails. Two long live http connections are\nestablished for sending and receiving data.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmhzed%2Fwstunnel","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmhzed%2Fwstunnel","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmhzed%2Fwstunnel/lists"}