Web development means working at a very high level of abstraction. For the magic to work, a multitude of technologies must also work: networks, sockets, HTTP. As with all leaky abstractions, however, we can sidestep a lot of the complexity until things stop working.
Netcat does exactly what its name says: it cats stuff over a network. It can send or receive bytes over the network.
File transfer
client:
server:
This is probably one of the fastest and most casual ways to transfer a file between two systems. Nothing (besides nc) needs to be installed, and no authentication or encryption is performed.
I would reserve this use of netcat for post-apocalyptic server crashes where you need to transfer files but nothing is installed and zombies are about to come crashing in.
More realistically …
HTTP tricks
Let’s spy on Safari:
This will happen after you try to open localhost:9999 in a browser. You can see all the headers, in their raw form. This is one level above using a packet sniffer like Wireshark.
Let’s save the request: (you’ll have to open localhost:9999 again)
Feed the request to google.com (or your own web server):
Have a look at the raw response: (vim response)
Yeah, it’s gzip compressed. More interestingly, we can use this to mock Google:
Open localhost:9999 in a browser and get served, byte-for-byte, what Google would have served you.
You can use the -k flag to keep the connection open after the file is served:
This will show you the subsequent requests (images, JavaScript, CSS).
Finally, you might want to serve the file more than once:
Discussion
I’ve used netcat in the past to debug gzip compression on nginx and lighttpd. With browsers and curl/wget all doing-the-right-thing with/without gzip compression, how can you really tell if it’s enabled or not?
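The check behind that gzip question, as an added example (not code from the original post): it parses a raw response as saved by netcat and compares what the headers declare with what the body bytes actually are. The function names and the sample response are constructed for illustration.

```python
import gzip
import zlib

def dechunk(body: bytes) -> bytes:
    """Decode an HTTP/1.1 chunked body into the bytes it carries."""
    out = bytearray()
    while body:
        size_line, _, rest = body.partition(b"\r\n")
        size = int(size_line.split(b";")[0], 16)   # ignore chunk extensions
        if size == 0:
            break
        out += rest[:size]
        body = rest[size + 2:]                     # skip chunk data and its CRLF
    return bytes(out)

def inspect_response(raw: bytes) -> dict:
    """Report what the bytes on the wire say about compression."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if "chunked" in headers.get("transfer-encoding", "").lower():
        body = dechunk(body)
    magic = body[:2] == b"\x1f\x8b"                # gzip member header
    plain = None
    if magic:
        try:
            plain = gzip.decompress(body)
        except (OSError, EOFError, zlib.error):
            plain = None                           # truncated or corrupt capture
    return {
        "status": lines[0],
        "declared": headers.get("content-encoding", "identity"),
        "gzip_magic": magic,
        "wire_bytes": len(body),
        "plain_bytes": len(plain) if plain is not None else None,
    }

# Constructed sample: a chunked, gzip-compressed response as nc would save it.
PAGE = b"<html>" + b"hello netcat " * 50 + b"</html>"
GZ = gzip.compress(PAGE)
SAMPLE = (b"HTTP/1.1 200 OK\r\nContent-Encoding: gzip\r\n"
          b"Transfer-Encoding: chunked\r\n\r\n"
          + b"%x\r\n" % len(GZ) + GZ + b"\r\n0\r\n\r\n")

if __name__ == "__main__":
    print(inspect_response(SAMPLE))
```

A response whose declared encoding is gzip but whose body lacks the magic bytes (or the reverse) points at a misconfigured server or an intermediary rewriting the body.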
You can also use it to spoof requests. Either a request or a response file can be trivially changed, whereas the same effect could sometimes only be achieved by making significant and/or time-consuming configuration changes to your setup.
Of course, this is not limited to HTTP. Extend the ideas here to fit your life.
Netcat is not the ultimate-solution™. It is called the hacker’s swiss army knife. It’s the kind of program you don’t need until you really do.
I read the entire article in your voice and it was oddly comforting.
Great article, as is becoming usual. Totally useful for pinging different services when you’re on an unknown server behind a firewall, for whatever reason.
I not only read the article, I also tried it out. So “nc -l 9999” did not work for my version (1.10), but “nc -l -p 9999” did the trick instead. Maybe you want to fix/mention this in the article. Have a nice day!
ah … A fun UNIX trivia bit!
I just tried “nc -l 9999” and it works fine on the BSD version (Mac OS X) but fails miserably on Gentoo.
To make things worse, on the BSD version “nc -l -p 9999” returns the usage …
Apparently, you’ll have to flavor the examples according to the whims of your specific version of netcat. :-D
You could also use curl --compressed to test for gzip compression
do something like 'curl --compressed http://example.com -o /dev/null -w "%{size_download}\n"' and then do the same w/o --compressed.
you should get very different sizes with both commands, also, for this to work you need a zlib-enabled curl.
0.02$
Good stuff.