Web development means working at a very high level of abstraction. For the magic to work, a multitude of technologies must also work: networks, sockets, HTTP. As with all leaky abstractions, however, we can sidestep a lot of the complexity until things stop working.
Netcat does exactly what its name says: it cats stuff over a network. It can send or receive bytes over the network.
This is probably one of the fastest and most casual ways to transfer a file between two systems. Nothing (besides nc) needs to be installed, and no authentication or encryption is performed.
I would reserve this use of netcat for post-apocalyptic server crashes where you need to transfer files but nothing is installed and zombies are about to come crashing in.
More realistically …
Let’s spy on Safari:
This will happen after you try to open localhost:9999 in a browser. You can see all the headers, in their raw form. This is one level above using a packet sniffer like Wireshark.
Let’s save the request: (you’ll have to open localhost:9999 again)
Feed the request to google.com (or your own web server):
Have a look at the raw request: (vim response)
Yeah, it’s gzip compressed. More interestingly, we can use this to mock Google:
Open localhost:9999 in a browser and get served, byte-for-byte, what Google would have served you.
You can use the -k flag to keep the connection open after the file is served:
Finally, you might want to serve the file more than once:
I’ve used netcat in the past to debug gzip compression on nginx and lighttpd. With browsers and curl/wget all doing-the-right-thing with/without gzip compression, how can you really tell if it’s enabled or not?
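One way to answer that question from a response saved with netcat, as an added example that is not part of the original post: it compares the `Content-Encoding` header with the first two body bytes (the gzip magic `1f 8b`), so no client-side decoding can hide the result. The file names, `example.com` and the function names are assumptions.

```sh
#!/bin/sh
# Added example: file names and example.com are assumptions, not from the post.
# Capture step (needs network, shown for context only):
#   printf 'GET / HTTP/1.1\r\nHost: example.com\r\nAccept-Encoding: gzip\r\nConnection: close\r\n\r\n' > request
#   nc example.com 80 < request > response

# Print the lower-cased value of header $2 (given in lower case) from raw response $1.
header_value() {
    LC_ALL=C tr -d '\r' < "$1" | LC_ALL=C awk -v name="$2" '
        /^$/ { exit }                          # blank line ends the header block
        index(tolower($0), name ":") == 1 {
            sub(/^[^:]*:[ \t]*/, ""); print tolower($0); exit
        }'
}

# Print the byte offset where the body starts (just past the blank line).
body_offset() {
    LC_ALL=C awk '{ n += length($0) + 1 }
        $0 == "\r" || $0 == "" { print n; exit }' "$1"
}

# Compare what the headers claim with the first two body bytes (gzip magic 1f 8b).
gzip_status() {
    enc=$(header_value "$1" content-encoding)
    off=$(body_offset "$1"); off=${off:-0}
    # Chunked bodies begin with a hex chunk-size line; skip it to reach the data.
    if [ "$(header_value "$1" transfer-encoding)" = chunked ]; then
        skip=$(tail -c +"$((off + 1))" "$1" |
            LC_ALL=C awk '{ print length($0) + 1; exit }')
        off=$((off + ${skip:-0}))
    fi
    magic=$(dd if="$1" bs=1 skip="$off" count=2 2>/dev/null |
        od -An -tx1 | tr -d ' \n')
    case "$enc:$magic" in
        gzip:1f8b) echo "gzip: header and body agree" ;;
        gzip:*)    echo "mismatch: header says gzip, body lacks 1f 8b magic" ;;
        :1f8b)     echo "mismatch: gzip body without Content-Encoding header" ;;
        *)         echo "no gzip (Content-Encoding: ${enc:-none})" ;;
    esac
}

# Usage: gzip_status response
```

Send the same request with and without the `Accept-Encoding: gzip` line to see whether the server changes its behaviour.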
You can also use it to spoof requests. Either a request or a response file can be trivially changed, whereas the same effect could sometimes only be achieved by making significant and/or time-consuming configuration changes to your setup.
Of course, this is not limited to HTTP. Extend the ideas here to fit your life.
Netcat is not the ultimate-solution™. It is called the hacker’s Swiss Army knife. It’s the kind of program you don’t need until you really do.