Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
telnet-stream
Advanced tools
Transform streams that emit TELNET negotiations as events
Although venerable, the TELNET protocol is still in use by some services and expected by some clients. If you need to connect to something that "speaks TELNET", this module offers some simple objects for that purpose.
If you need to connect to something that speaks TELNET, but you don't care about options or negotiations, then simply use TelnetSocket to decorate a regular socket. It will filter out all the "TELNET stuff" and pass the remaining data on to you.
// get references to the required stuff
var TelnetSocket, net, socket, tSocket;
net = require("net");
({TelnetSocket} = require("telnet-stream"));
// create a Socket connection
socket = net.createConnection(3000, "godwars2.org");
// decorate the Socket connection as a TelnetSocket
tSocket = new TelnetSocket(socket);
// if the socket closes, terminate the program
tSocket.on("close", function() {
return process.exit();
});
// if we get any data, display it to stdout
tSocket.on("data", function(buffer) {
return process.stdout.write(buffer.toString("utf8"));
});
// if the user types anything, send it to the socket
process.stdin.on("data", function(buffer) {
return tSocket.write(buffer.toString("utf8"));
});
Maybe you have more complex needs. Perhaps you need certain options to be turned on or off, or have important information to pull from a subnegotiation. This is pretty easy to do with TelnetSocket.
TelnetSocket is a decorator for a net.Socket object. Incoming TELNET commands, options, and negotiations are emitted as events. Non-TELNET data is passed through without changes.
When the remote system issues a TELNET command that is not option negotiation, TelnetSocket will emit a 'command' event.
var tSocket = new TelnetSocket(socket);
tSocket.on('command', function(command) {
// Received: IAC <command> - See RFC 854
});
When the remote system wants to request that the local system perform some function or obey some protocol, TelnetSocket will emit a 'do' event:
var tSocket = new TelnetSocket(socket);
tSocket.on('do', function(option) {
// Received: IAC DO <option> - See RFC 854
});
When the remote system wants to request that the local system NOT perform some function or NOT obey some protocol, TelnetSocket will emit a 'dont' event:
var tSocket = new TelnetSocket(socket);
tSocket.on('dont', function(option) {
// Received: IAC DONT <option> - See RFC 854
});
After negotiating an option, either the local or remote system may engage in a more complex subnegotiation. For example, the server and client may agree to use encryption, and then use subnegotiation to agree on the parameters of that encryption.
var tSocket = new TelnetSocket(socket);
tSocket.on('sub', function(option, buffer) {
// Received: IAC SB <option> <buffer> IAC SE - See RFC 855
});
When the remote system wants to offer that it will perform some function or obey some protocol for the local system, TelnetSocket will emit a 'will' event:
var tSocket = new TelnetSocket(socket);
tSocket.on('will', function(option) {
// Received: IAC WILL <option> - See RFC 854
});
When the remote system wants to refuse to perform some function or obey some protocol for the local system, TelnetSocket will emit a 'wont' event:
var tSocket = new TelnetSocket(socket);
tSocket.on('wont', function(option) {
// Received: IAC WONT <option> - See RFC 854
});
TelnetSocket is a decorator for a net.Socket object. Outgoing data is properly escaped where it might be confused for a TELNET command. There are also support functions to allow sending TELNET commands, options, and negotiations as well.
TELNET commands start with the Interpret as Command (IAC) byte. In order to send a literal IAC byte (one that is intended as data, not as a TELNET command), it must be sent as IAC IAC. TelnetSocket takes care of this transformation automatically.
Call this method to send a TELNET command to the remote system.
var NOP = 241; // No operation. -- See RFC 854
var tSocket = new TelnetSocket(socket);
// Sends: IAC NOP
tSocket.writeCommand(NOP);
Call this method to send a TELNET DO option negotiation to the remote system. A DO request is sent when the local system wants the remote system to perform some function or obey some protocol.
var NAWS = 31; // Negotiate About Window Size -- See RFC 1073
var tSocket = new TelnetSocket(socket);
// Sends: IAC DO NAWS
tSocket.writeDo(NAWS);
Call this method to send a TELNET DONT option negotiation to the remote system. A DONT request is sent when the local system wants the remote system to NOT perform some function or NOT obey some protocol.
var NAWS = 31; // Negotiate About Window Size -- See RFC 1073
var tSocket = new TelnetSocket(socket);
// Sends: IAC DONT NAWS
tSocket.writeDont(NAWS);
Call this method to send a TELNET subnegotiation to the remote system. After the local and remote system have negotiated and agreed to use an option, then subnegotiation information can be sent.
See Example #2: Negotiate About Window Size (NAWS) below.
Call this method to send a TELNET WILL option negotiation to the remote system. A WILL offer is sent when the local system wants to inform the remote system that it will perform some function or obey some protocol.
var NAWS = 31; // Negotiate About Window Size -- See RFC 1073
var tSocket = new TelnetSocket(socket);
// Sends: IAC WILL NAWS
tSocket.writeWill(NAWS);
Call this method to send a TELNET WONT option negotiation to the remote system. A WONT refusal is sent when the remote system has requested that the local system perform some function or obey some protocol, and the local system is refusing to do so.
var NAWS = 31; // Negotiate About Window Size -- See RFC 1073
var tSocket = new TelnetSocket(socket);
// Sends: IAC WONT NAWS
tSocket.writeWont(NAWS);
The simple example above provided a simple TELNET client. However, all TELNET commands were filtered and ignored. A service might think one was using a very dumb client, because it refuses to acknowledge TELNET negotiations.
This example does the same thing, but actively refuses all TELNET options. If the remote service offers something, we decline to take advantage of it. If the remote service requests that we do something, we refuse to do it.
// get references to the required stuff
var TelnetSocket, net, socket, tSocket;
net = require("net");
({TelnetSocket} = require("telnet-stream"));
// create a Socket connection
socket = net.createConnection(3000, "godwars2.org");
// decorate the Socket connection as a TelnetSocket
tSocket = new TelnetSocket(socket);
// if the socket closes, terminate the program
tSocket.on("close", function() {
return process.exit();
});
// if we get any data, display it to stdout
tSocket.on("data", function(buffer) {
return process.stdout.write(buffer.toString("utf8"));
});
// tell remote we WONT do anything we're asked to DO
tSocket.on("do", function(option) {
return tSocket.writeWont(option);
});
// tell the remote DONT do whatever they WILL offer
tSocket.on("will", function(option) {
return tSocket.writeDont(option);
});
// if the user types anything, send it to the socket
process.stdin.on("data", function(buffer) {
return tSocket.write(buffer.toString("utf8"));
});
This code is mostly the same as Example 0 except that we respond to incoming 'do' and 'will' events sent by the remote side.
Note that incoming 'dont' and 'wont' events are ignored. This is OK because they are the expected state. TELNET negotiations involve changes to the current state. As a rule, we don't acknowledge things that we already expect.
There is a TELNET option called "Negotiate About Window Size" (NAWS) that allows the server to learn the dimensions of the client's output window. This is useful is some cases, as the server can wrap text output at an appropriate boundary, implement a text windowing system, or other things that depend on client metrics.
This code implements a simple TELNET server that listens for NAWS subnegotiations and reports the client's window size to the console.
// some variables that we'll use
var NAWS, TelnetSocket, net, server;
// Negotiate About Window Size -- See RFC 1073
NAWS = 31;
// get references to the required stuff
net = require("net");
({TelnetSocket} = require("telnet-stream"));
// create a service to listen for incoming connections
server = net.createServer(function(socket) {
var tSocket;
// wrap the socket as a TelnetSocket
tSocket = new TelnetSocket(socket);
// if we get any data, display it to the console
tSocket.on("data", function(buffer) {
return process.stdout.write(buffer.toString("utf8"));
});
// if they send us a subnegotiation
tSocket.on("sub", function(option, buffer) {
var height, width;
// if they are telling us their window size
if (option === NAWS) {
// display it to the console
width = buffer.readInt16BE(0);
height = buffer.readInt16BE(2);
return process.stdout.write(`Client window: ${width}x${height}\n`);
}
});
// tell the client to send window size subnegotiations
return tSocket.writeDo(NAWS);
});
// start our server listening on port 3000
server.listen(3000);
This code implements a simple TELNET client that sends NAWS subnegotiations when the output window is resized. Note that it only sends NAWS subnegotiations after it has confirmed that the server supports and wants to hear about them.
// some variables that we'll use
var NAWS, TelnetSocket, net, sendWindowSize, serverNawsOk, socket, tSocket;
// Negotiate About Window Size -- See RFC 1073
NAWS = 31;
// get references to the required stuff
net = require("net");
({TelnetSocket} = require("telnet-stream"));
// create a Socket connection
socket = net.createConnection(3000);
// decorate the Socket connection as a TelnetSocket
tSocket = new TelnetSocket(socket);
// flag to indicate if its OK to send window size subnegotiations to the server
serverNawsOk = false;
// function: send window size to the server
sendWindowSize = function() {
var nawsBuffer;
// create a buffer
nawsBuffer = Buffer.alloc(4);
// fill the buffer up with our window dimensions
nawsBuffer.writeInt16BE(process.stdout.columns, 0);
nawsBuffer.writeInt16BE(process.stdout.rows, 2);
// send that buffer as a subnegotiation to the server
return tSocket.writeSub(NAWS, nawsBuffer);
};
// if the socket closes, terminate the program
tSocket.on("close", function() {
return process.exit();
});
// if we get any data, display it to stdout
tSocket.on("data", function(buffer) {
return process.stdout.write(buffer.toString("utf8"));
});
// if the server sends us a DO negotiation
tSocket.on("do", function(option) {
// if that negotiation is about window size
if (option === NAWS) {
// set the flag indicating that the server has
// told us it's OK to send our window size
serverNawsOk = true;
// tell the server that we WILL send window size
tSocket.writeWill(NAWS);
// send our current window size to the server
return sendWindowSize();
}
});
// if the user types anything, send it to the socket
process.stdin.on("data", function(buffer) {
return tSocket.write(buffer.toString("utf8"));
});
// if the terminal window is resized
process.stdout.on("resize", function() {
// if we're OK to send our window size to the server
if (serverNawsOk) {
// send the new window size to the server
return sendWindowSize();
}
});
Run this program and it should immediately send the current size of the terminal window to the server. After that, you can resize your terminal window in order to make the client program to send the new window size to the server.
This section covers advanced use-cases. If you need to use the TELNET protocol outside of a Socket context, or if you need to modify some aspects of the protocol handling, this is the section for you.
The TelnetSocket constructor takes an optional options
parameter:
new TelnetSocket(socket, [options])
socket
- Required: net.Socket to be decorated as a TELNET socketoptions
- Optional: Options configuration
bufferSize
- The size of the subnegotiation buffererrorPolicy
- How to handle subnegotiation command errorsAfter a TELNET option is negotiated between local and remote, either side may send subnegotiation data to the other. The TELNET protocol itself specifies no limit to this data.
Practical considerations dictate placing a reasonable limit on the amount of data buffered. Most services should NOT buffer an unlimited amount of data. Malicious clients may be able to cause a Denial of Service attack by forcing the server to allocate too much memory in response their requests.
By default, TelnetSocket will buffer to up 8192 (8K = 8 * 1024)
bytes of subnegotiation data. After this, it will emit an error
event to indicate an overflow in the subnegotiation buffer. These
additional bytes will be discarded.
In order to modify the size of the buffer, one can specify an
options object with the bufferSize
option:
// this TelnetSocket can handle 16K subnegotiations!
var tSocket = new TelnetSocket(socket, { bufferSize: 16384 });
The default of 8K should be sufficient for most use-cases.
During a subnegotiation, there are two valid sequences that begin with IAC. One is to escape another IAC intended as a literal data byte:
IAC IAC // this is a literal IAC [Hex 0xFF, Dec 255] byte
The other is to end the ongoing subnegotiation:
IAC SE // this signals the end of the subnegotiation
No other sequence is specified in the RFC. No mention is made of the state of the protocol after receiving an unknown sequence.
If an unknown sequence is detected; IAC followed by something
that isn't IAC or SE, then an error
event will be emitted.
The errorPolicy
option can set a policy for what will happen
to the two erroneous bytes.
By default, it is assumed that a faulty sequence starting with IAC is a failure to properly escape a data IAC byte as IAC IAC. TelnetSocket will keep both bytes (the IAC and the following data byte) and continue the subnegotiation.
If you want TelnetSocket to keep the data byte (the byte
following the IAC), but discard the IAC, the error policy
keepData
will do this. The data byte will be added to the
subnegotiation and the subnegotiation will continue.
// filter out erroneous IAC bytes
var tSocket = new TelnetSocket(socket, { errorPolicy: "keepData" });
If you want TelnetSocket to discard both the IAC and the data byte that follows it, the error policy "discardBoth" will do this. The subnegotiation will continue, containing neither of the two erroneous bytes.
// filter out erroneous IAC <data> bytes
var tSocket = new TelnetSocket(socket, { errorPolicy: "discardBoth" });
In addition to TELNET negotiation, RFC 854 specifies a Network Virtual Terminal (NVT). Among other things in the NVT specification, a Carriage Return (CR) [Hex 0x0C, Dec 13] byte must be followed by either a Line Feed (LF) [Hex 0x0A, Dec 10] byte or a Null (NUL) [Hex 0x00, Dec 0] byte. It says "the CR character must be avoided in other contexts".
Furthermore, it goes on to specify: "Even though it may be known in some situations that characters are not being sent to an actual printer, nonetheless, for the sake of consistency, the protocol requires that a NUL be inserted following a CR not followed by a LF in the data stream."
telnet-stream DOES NOT respect this part of the specification. The character following a CR in the data stream is never modified in any way. If you want or need this behavior, please open an issue on GitHub. The author would be very curious to discover a use-case where this behavior is both expected and necessary.
TelnetSocket is built on lower level Transform streams. These transform streams do the real work of managing the TELNET protocol, where TelnetSocket is simply a convenience wrapper over a Socket.
If you need TELNET handling outside of a Socket context; for example filtering TELNET codes from a raw log, you may be interested in these transform stream components.
Because TelnetInput and TelnetOutput are Node.js Transform streams, they support all the same operations that regular streams do. See the Node.js Stream API for more details.
TelnetInput is a Transform stream for the input side of TELNET. TELNET commands, options, and negotiations are emitted as events. Non-TELNET data is passed transparently as input data.
See: Event handlers ('command', 'do', 'dont', 'sub', 'will', 'wont')
Like TelnetSocket, the TelnetInput constructor takes an optional
options
object supporting options bufferSize
and errorPolicy
.
new TelnetInput([options])
options
- Optional: Options configuration
bufferSize
- The size of the subnegotiation buffererrorPolicy
- How to handle subnegotiation command errorsTelnetOutput is a Transform stream for the output side of TELNET. Data written to TelnetOutput is properly escaped to ensure that it isn't interpreted as a TELNET command. It also has methods for sending TELNET option negotiations and subnegotiations.
See: Helper functions (writeCommand
, writeDo
, writeDont
,
writeSub
, writeWill
, writeWont
)
This code is equivalent to Example 0, but instead of using TelnetSocket to decorate the provided Socket, the readable and writable sides are handled individually by Transform stream objects.
var net = require('net');
var TelnetInput = require('telnet-stream').TelnetInput;
var TelnetOutput = require('telnet-stream').TelnetOutput;
var socket = net.createConnection(3000, 'godwars2.org', function() {
var telnetInput = new TelnetInput();
var telnetOutput = new TelnetOutput();
socket.pipe(telnetInput).pipe(process.stdout);
process.stdin.pipe(telnetOutput).pipe(socket);
});
In order to make modifications to telnet-stream, you'll need to establish a development environment:
git clone https://github.com/blinkdog/telnet-stream.git
cd telnet-stream
npm install
node_modules/.bin/cake rebuild
The source files are located in src/main/coffee
.
The test source files are located in src/test/coffee
.
You can see a coverage report by invoking the coverage
target:
node_modules/.bin/cake coverage
telnet-stream
Copyright 2013-2021 Patrick Meade.
This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License along with this program. If not, see http://www.gnu.org/licenses/.
FAQs
TELNET protocol support library
The npm package telnet-stream receives a total of 1,609 weekly downloads. As such, telnet-stream popularity was classified as popular.
We found that telnet-stream demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.