Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Readme
Yet another TCP-over-HTTP(S) tunnel.
Client component accepts TCP connections and forwards them to server component via pair of HTTP(S) connections in streaming mode (Content-Encoding: chunked
). Server component forwards connections to target host and port (e.g. to VPN daemon).
:heart: :heart: :heart:
You can say thanks to the author by donations to these wallets:
0xB71250010e8beC90C5f9ddF408251eBA9dD7320e
1N89PRvG1CSsUk9sxKwBwudN6TjTPQ1N8a
bc1qc0hcyxc000qf0ketv4r44ld7dlgmmu73rtlntw
For TLS reference see "TLS options" group in invokation synopsis.
With basic Python event loop:
pip3 install chunk-nordic
With high performance uvloop event loop:
pip3 install chunk-nordic[uvloop]
If you prefer distribution via Docker image see Docker Example section below.
Also chunk-nordic is available on Snap Store:
sudo snap install chunk-nordic
Note that binaries installed by snap are named chunk-nordic.client
and chunk-nordic.server
.
Server:
$ chunk-server --help
usage: chunk-server [-h] [-u URI] [-v {debug,info,warn,error,fatal}]
[--disable-uvloop] [-a BIND_ADDRESS] [-p BIND_PORT]
[-w TIMEOUT] [-c CERT] [-k KEY] [-C CAFILE]
dst_host dst_port
Yet another TCP-over-HTTP(S) tunnel. Server-side component.
positional arguments:
dst_host target hostname
dst_port target port
optional arguments:
-h, --help show this help message and exit
-u URI, --uri URI path where connections served (default: /chunk-nordic)
-v {debug,info,warn,error,fatal}, --verbosity {debug,info,warn,error,fatal}
logging verbosity (default: info)
--disable-uvloop do not use uvloop even if it is available (default:
False)
listen options:
-a BIND_ADDRESS, --bind-address BIND_ADDRESS
bind address (default: 127.0.0.1)
-p BIND_PORT, --bind-port BIND_PORT
bind port (default: 8080)
timing options:
-w TIMEOUT, --timeout TIMEOUT
backend connect timeout (default: 4)
TLS options:
-c CERT, --cert CERT enable TLS and use certificate (default: None)
-k KEY, --key KEY key for TLS certificate (default: None)
-C CAFILE, --cafile CAFILE
require client TLS auth using specified CA certs
(default: None)
Client:
$ chunk-client --help
usage: chunk-client [-h] [-v {debug,info,warn,error,fatal}] [--disable-uvloop]
[-a BIND_ADDRESS] [-p BIND_PORT] [-w TIMEOUT] [-c CERT]
[-k KEY] [-C CAFILE] [--no-hostname-check]
server_url
Yet another TCP-over-HTTP(S) tunnel. Client-side component.
positional arguments:
server_url target hostname
optional arguments:
-h, --help show this help message and exit
-v {debug,info,warn,error,fatal}, --verbosity {debug,info,warn,error,fatal}
logging verbosity (default: info)
--disable-uvloop do not use uvloop even if it is available (default:
False)
listen options:
-a BIND_ADDRESS, --bind-address BIND_ADDRESS
bind address (default: 127.0.0.1)
-p BIND_PORT, --bind-port BIND_PORT
bind port (default: 1940)
timing options:
-w TIMEOUT, --timeout TIMEOUT
server connect timeout (default: 4)
TLS options:
-c CERT, --cert CERT use certificate for client TLS auth (default: None)
-k KEY, --key KEY key for TLS certificate (default: None)
-C CAFILE, --cafile CAFILE
override default CA certs by set specified in file
(default: None)
--no-hostname-check do not check hostname in cert subject. This option is
useful for private PKI and available only together
with "--cafile" (default: False)
Let's assume we have OpenVPN instance on TCP port 1194 at server gate.example.com.
Server command:
chunk-server 127.0.0.1 1194
Client command:
chunk-client http://gate.example.com:8080/chunk-nordic
Fragment of client's OpenVPN config:
<connection>
remote 127.0.0.1 1940 tcp
</connection>
For environment same as in example above:
Server:
docker run -dit \
-p 8080:8080 \
--restart unless-stopped \
--name chunk-nordic-server yarmak/chunk-nordic \
server 127.0.0.1 1194
Client:
docker run -dit \
-p 1940:1940 \
--restart unless-stopped \
--name chunk-nordic-server yarmak/chunk-nordic \
client http://gate.example.com:8080/chunk-nordic
FAQs
Yet another TCP-over-HTTP(S) tunnel
We found that chunk-nordic demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.