Tunnel TCP Through WebSockets (CLI Tool) (github.com)
My first thought when I saw this was "Hey! I made one of these". Turns out it goes the other way. From websocket to TCP. The thing I made was something where you connect to a socket(typically a unix domain socket in /tmp) and it connects to a web page via websockets.

First, as always hats off to the authors for publishing code and hacking on stuff for us all to use.

That said...You could just use corkscrew.

https://wiki.archlinux.org/index.php/HTTP_tunneling

Corkscrew + SSH has been helping individuals escape restrictive corporate networks for years.

Pretty sure SSH for remote server on port 443 plus corkscrew offers more than this solution. (Socks proxy, etc. Very flexible. No need for DNS muckery you would need with this solutions example etc.)

Instead of stuff inside websockets inside TLS, wouldn't it be more efficient to just do stuff inside TLS?

It's encrypted so firewalls shouldn't be able to tell the difference.

Corp firewalls often only ever see HTTP due to their CA certificate being installed on every machine and refusing "anonymous" HTTPS.

you'd be surprised what a "deep packet inspection" (better known as DPI or L7-aware) firewall can tell. some are quite sophisticated, and there are a surprising number of techniques to identify even encrypted traffic (not the precise payload, per se)

Well there's ALPN/NPN, but you could lie about those.

I would indeed find it surprising if any commercial firewalls distinguish websockets over TLS versus raw bytes over TLS. Not that it's impossible, but I wouldn't think it would be done commercially.

I see some potential to work around corporate firewalls.

If you had made this comment to the introduction of HTTP itself, I would today be hailing you as a visionary

