Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
By Socket Research Team - Dec 02, 2024
Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
github.com/koding/tunnel
- Version published
- Created
Tunnel 
Tunnel is a server/client package that enables to proxy public connections to your local machine over a tunnel connection from the local machine to the public server. What this means is, you can share your localhost even if it doesn't have a Public IP or if it's not reachable from outside.
It uses the excellent yamux package to multiplex connections between server and client.
The project is under active development, please vendor it if you want to use it.
Usage
The tunnel package consists of two parts. The server and the client.
Server is the public facing part. It's type that satisfies the http.Handler.
So it's easily pluggable into existing servers.
Let assume that you setup your DNS service so all *.example.com domains route
to your server at the public IP 203.0.113.0. Let us first create the server
part:
package main
import (
"net/http"
"github.com/koding/tunnel"
)
func main() {
cfg := &tunnel.ServerConfig{}
server, _ := tunnel.NewServer(cfg)
server.AddHost("sub.example.com", "1234")
http.ListenAndServe(":80", server)
}
Once you create the server, you just plug it into your server. The only
detail here is to map a virtualhost to a secret token. The secret token is the
only part that needs to be known for the client side.
Let us now create the client side part:
package main
import "github.com/koding/tunnel"
func main() {
cfg := &tunnel.ClientConfig{
Identifier: "1234",
ServerAddr: "203.0.113.0:80",
}
client, err := tunnel.NewClient(cfg)
if err != nil {
panic(err)
}
client.Start()
}
The Start() method is by default blocking. As you see you, we just passed the
server address and the secret token.
Now whenever someone hit sub.example.com, the request will be proxied to the
machine where client is running and hit the local server running 127.0.0.1:80
(assuming there is one). If someone hits sub.example.com:3000 (assume your
server is running at this port), it'll be routed to 127.0.0.1:3000
That's it.
There are many options that can be changed, such as a static local address for your client. Have alook at the documentation
Protocol
The server/client protocol is written in the spec.md file. Please have a look for more detail.
License
The BSD 3-Clause License - see LICENSE for more details
FAQs
Unknown package
Package last updated on 01 Jun 2017
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Research
Typosquatting Cryptographic Libraries: Malicious npm Packages Threaten Crypto Developers with Keylogging and Wallet Theft
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
By Kirill Boychenko - Nov 27, 2024
Security News
Weekly Downloads Now Available in npm Package Search Results
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
By Sarah Gooding - Nov 26, 2024