Preferring SOCAT over NETCAT

Pax Prz on 2020-03-30

$ man socat

Netcat has always been one of the favourite tool for hackers to use. It is a easy to use tool which reads and writes data across network connections, using TCP and UDP protocol. It also allows programs or scripts to be run remotely. Besides it also contain many features like port scanning, transferring files, and port listening. So the tool is also called hacker’s ‘Swiss Army Knife’.

But this blog is not about netcat. Today, I am going to write about a tool so unknown to hackers/network admins that might open some new possibilities. SOCAT (SOcket CAT) is a command-line utility that establishes two bidirectional byte streams and data transfer between them. Its a similar tool as that of netcat, where server opens a port to listen and client connects to that port for all kinds of stuff that netcat can be used for. But the good thing is socat gives you the features you might wished you had on netcat.

Let us begin with a simple TCP connection between two ports on the system. Similar the way as netcat, we can start the server in socat with following command.

$ sudo socat TCP4-LISTEN:4444 STDOUT

With root permission, above command started a socat TCP server for IPV4 on port 4444. And the incoming data to that specific port is shown to STDOUT, in this case your terminal.

Next step is to connect a client to that server and start a communication channel.

$ socat — TCP:

If you know in linux terminal, dash -> stdin/stdout, our client’s stdin is stdout for server and vice versa. Here we made a tcp connection to localhost in port 4444

Goal: socat connection

Congratulations. You have learn how to start a connection using socat, but still we have more to go. Now I’ll be talking about few points why socat is powerful than netcat.

1. Multiple connections:

So you always wanted a connection that doesn’t die when client terminates. Say no more. Let me talk to you how you can achieve that using socat. Socat provides feature to fork child process for every new client, just like apache server does.

So now let us start a server and host a file this time.

$ sudo socat -d -d TCP4-LISTEN:4444,fork file:rmnotice.txt

This time we enable verbosity by -d -d option. The fork option allow us to join multiple connection to that port. The file address point to file you want to send in every connection.

Now, use a socat client to get that file. Here is the command to do so.

$ socat TCP: file:received_notice.txt,create

The file send by server is to be created in a new file named revceived_notice.txt

Goal: Multiple Connection

Did you notice? The connection didn’t die. If you try another client connect to the server to get the file, you will get it again. For hackers this might be very useful, as you can start getting multiple shell from a single port:

$ sudo socat TCP4-LISTEN:4444,fork EXEC:/bin/bash

EXEC option is similar to -e option in netcat

2. Creating secure channel

Do you ever cared about privacy? Well I do. Your connection between server and client on netcat is unencrypted. This means if someone is eaves dropping (MITM) on your network, all your conversation is captured by the hacker.

Goal: Overcome this MITM

Socat give you option to create OPENSSL connection between client and server, allowing all your conversations to be secured. First of all, lets create a self-signed certificate using openssl command:

$ openssl req -newkey rsa:2048 -nodes -keyout private.key -x509 -days 365 -out public.crt

Above command creates a 2048 bit RSA encryption certificate. Now create a pem file format which is understood by socat.

$ cat private.key public.crt > cert.pem

Next step is to start a SSL connection using OPENSSL.

$ sudo socat OPENSSL-LISTEN:4444,cert=cert.pem,verify=0 STDOUT

This opens a SSL encrypted server on port 4444. verify=0 allows any client to connect to the server.

In order to connect to the server, use following command:

$ socat — OPENSSL:,verify=0

Goal: Encrypted Connection

Send some message between client and server, and intercept the traffic in wireshark. You will see that your communication got encrypted.

3. More Protocols Supported

Yeah. socat can make you communicate over so many protocols that netcat lacks. Its the language master in the world of network and communications. Socat supports both IPV4 and IPV6 communications. Some of the protocols socat support are: OPENSSL, SCTP (Stream Control Transmission Protocol), SOCKET, TCP, TUN, UDP, … For more info check the ADDRESS TYPES section on its manual page.

So yeah, socat has been a hidden gem and its time to unreveal its power. I have left many things untouched in the part. If you like this part, I’ll show you some more things that socat can do.