GitHub/witty
3
0
Fork 0
mirror of https://github.com/syssecfsu/witty.git synced 2025-01-11 12:42:35 +01:00
Code Issues Projects Releases Wiki Activity

support self-signed cert

Browse Source
This commit is contained in:
Zhi Wang 2022-01-07 09:00:44 -05:00
parent 4b8a7b064a
commit b6b15e80a6
6 changed files with 37 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
README.md
View File

@ -1,5 +1,7 @@
# Web Terminal
A (unsafe) technical demo to export a shell to web browser.
It is just a simple demo in case some people are interested in
how to setup xterm.js with websocket.
This program is written in the go programming language, using the
Gin web framework, gorilla/websocket, pty, and xterm.js!
@ -8,16 +10,21 @@ window (xterm.js) and create a websocket with the server. On
the server side, it serves the basic HTML/JS/CSS files and
websockets (by shovling the data between pty and xterm).
It is amazing what you can do with 260 lines of go code.
It is just a simple demo in case some people are interested in
how to setup xterm.js with websocket.
___It is amazing what you can do with 270 lines of go code.___
To use the program, download/clone the code, and in the web_terminal
directory, run ```go build .```, this will create the binary called
web_terminal. To run it, use ```./web_terminal cmd options_to_cmd```.
web_terminal. Then, go to the tls directory and create a self-signed
certificate according to the instructions in README.
To run it, use ```./web_terminal cmd options_to_cmd```.
If no cmd and options are given, web_terminal will run bash by default.
You can run shells but also single programs, such as htop. The program
You can run shells but also single programs, such as htop. For example,
you can export the ssh shell, such as ```./web_terminal ssh 192.168.1.2 -l pi```.
The program
has been tested on Linux, WSL2, Raspberry Pi 3B (Debian), and MacOSX.
***known bug***
@ -33,6 +40,7 @@ ___Do NOT run this in an untrusted network. You will expose your
shell to anyone that can access your network and Do NOT leave
the server running.___
Here is a screenshot:
Here is a screencast for sshing into Raspberry Pi running
[pi-hole](https://pi-hole.net/) (```./web_terminal ssh 192.168.1.2 -l pi```):
<img src="https://github.com/syssecfsu/web_terminal/blob/master/extra/screenshot.png?raw=true" width="800px">
<img src="https://github.com/syssecfsu/web_terminal/blob/master/extra/screencast.gif?raw=true" width="800px">

21
assets/index.html
View File

@ -22,7 +22,7 @@
</head>
<body>
<h2>Terminal.js Demo</h2>
<h2>Web Terminal</h2>
<div id="terminal">
<div id="terminal_view"></div>
</div>
@ -30,22 +30,11 @@
term = createTerminal();
// print something to test output and scroll
var str = [
' Xterm.js is the frontend component that powers many terminals including',
' \x1b[3mVS Code\x1b[0m, \x1b[3mHyper\x1b[0m and \x1b[3mTheia\x1b[0m!',
'',
' ┌ \x1b[1mFeatures\x1b[0m ──────────────────────────────────────────────────────────────────┐',
' │ │',
' │ \x1b[31;1mApps just work \x1b[32mPerformance\x1b[0m │',
' │ Xterm.js works with most terminal Xterm.js is fast and includes an │',
' │ apps like bash, vim and tmux optional \x1b[3mWebGL renderer\x1b[0m │',
' │ │',
' │ \x1b[33;1mAccessible \x1b[34mSelf-contained\x1b[0m │',
' │ A screen reader mode is available Zero external dependencies │',
' │ │',
' │ \x1b[35;1mUnicode support \x1b[36mAnd much more...\x1b[0m │',
' │ Supports CJK 語 and emoji \u2764\ufe0f \x1b[3mLinks\x1b[0m, \x1b[3mthemes\x1b[0m, \x1b[3maddons\x1b[0m, \x1b[3mtyped API\x1b[0m │',
' │ ^ Try clicking italic text │',
' ┌────────────────────────────────────────────────────────────────────────────┐',
' │ Xterm.js is the frontend component that powers many terminals including, │',
' │ \x1b[3mVS Code\x1b[0m, \x1b[3mHyper\x1b[0m and \x1b[3mTheia\x1b[0m! │',
' │ │',
' │ \x1b[34mhttps://xtermjs.org\x1b[0m (<-try to click it!) ',
' └────────────────────────────────────────────────────────────────────────────┘',
''
].join('\n\r');

2
assets/main.js
View File

@ -43,7 +43,7 @@ function createTerminal() {
fitAddon.fit();
// create the websocket and connect to the server
const ws_uri = "ws://" + window.location.host + "/ws";
const ws_uri = "wss://" + window.location.host + "/ws";
const socket = new WebSocket(ws_uri);
const attachAddon = new AttachAddon.AttachAddon(socket);
term.loadAddon(attachAddon);

BIN
extra/screencast.gif Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 874 KiB

8
main.go
View File

@ -128,7 +128,7 @@ func toPtyStdin(ws *websocket.Conn, ptmx *os.File) {
}
}
// shovel data from websocket to pty stdin
// shovel data from pty Stdout to WS
func fromPtyStdout(ws *websocket.Conn, ptmx *os.File, done chan struct{}) {
readBuf := make([]byte, 4096)
@ -224,7 +224,7 @@ func fileHandler(c *gin.Context, fname string) {
} else {
//c.HTML interprets the file as HTML file
//we do not need that for regular files
c.File(fmt.Sprint("assets/", fname))
c.File(fmt.Sprint("./assets/", fname))
}
}
@ -251,7 +251,7 @@ func main() {
rt := gin.Default()
rt.SetTrustedProxies(nil)
rt.LoadHTMLGlob("assets/*.html")
rt.LoadHTMLGlob("./assets/*.html")
rt.GET("/*fname", func(c *gin.Context) {
fname := c.Param("fname")
@ -265,5 +265,5 @@ func main() {
}
})
rt.Run(":8080")
rt.RunTLS(":8080", "./tls/cert.pem", "./tls/private-key.pem")
}

11
tls/README.md Normal file
View File

@ -0,0 +1,11 @@
Past lesson shows that a test cert hurts security (because
people just use it). Follow the steps below to create a
self-sigend ECC cert by yourself.
```
# generate a private key for a curve
openssl ecparam -name prime256v1 -genkey -noout -out private-key.pem
# Create a self-signed certificate
openssl req -new -x509 -key private-key.pem -out cert.pem -days 360
```