TCP proxy with netcat

From Noah.org
Revision as of 13:11, 28 May 2014 by Root (talk | contribs)


This article uses netcat to demonstrate a few simple proxies.


This is a simple proxy for HTTP. Note that most web proxies are configured in the web browser to automatically handle subsequent requests. The proxy shown here does not follow the HTTP proxy protocol. This is called a transparent proxy.

mkfifo /tmp/fifo
nc -lk -p 8080 </tmp/fifo | nc www.noah.org 80 >/tmp/fifo

Note that this will not work with virtual web sites. Web servers use the Host request header field to determine which virtual web site to serve. If Host is not set correctly, the web server will return an error like this:

Site Temporarily Unavailable
We apologize for the inconvenience. Please contact the webmaster/ tech support immediately to have them rectify this.
error id: "bad_httpd_conf"

The simple transparent proxy is not smart enough to handle HTTP traffic. The following HTTP proxy rewrites the Host: field in the HTTP request header to support virtual web sites. This version also logs the client request and the server response. Note that it does not rewrite HTML responses, so the links in the web page still point to the original web site. Subsequent requests made by clicking links in the web page will not go through the proxy connection.

mkfifo /tmp/fifo
nc -lk -p 8080 </tmp/fifo | sed -u -e 's/^Host.*/Host: www.noah.org/' | tee -a http_request.log | nc www.noah.org 80 | tee -a http_response.log >/tmp/fifo

This version attempts a very unsophisticated rewrite of the HTML so that subsequent requests continue to come back through the proxy (note that the URL is rewritten to the result of hostname -f). It also deletes request headers that would normally affect proxies. It deliberately circumvents the normal headers used to control proxy connections, so this is an improper HTTP proxy. It is also not very reliable. It tends to hang and get stuck. I am not sure why.

mkfifo /tmp/fifo
nc -q -1 -l -p 8080 </tmp/fifo \
    | sed -u -e 's/^Host:.*/Host: www.noah.org/' -e '/^Connection:.*/d' -e '/^If-None-Match:.*/d' -e '/^If-Modified-Since:.*/d' -e '/^Accept-Encoding:.*/d' \
    | tee -i -a http_request.log \
    | nc -q -1 www.noah.org 80 \
    | sed -u -e "s/noah\.org/$(hostname -f)/i" \
    | tee -i -a http_response.log >/tmp/fifo
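
The request-side sed filters in the last two pipelines run over every line of the stream, bodies included, and `.*` also consumes the CR of each CRLF line ending. The following is an added example, not part of the original page: a shell function (the name rewrite_request_headers, the host proxy.example and the sample requests are constructed for illustration) that applies the same Host rewrite and header deletions to header blocks only and keeps line endings intact. It assumes GNU sed.

```shell
#!/bin/sh
# Added example (not from the original page); requires GNU sed.

# rewrite_request_headers UPSTREAM  (hypothetical helper name)
# Copies raw HTTP/1.x requests from stdin to stdout, setting Host to UPSTREAM
# and dropping the headers the page deletes, inside header blocks only.
rewrite_request_headers() {
    upstream=$1
    # UPSTREAM is spliced into a sed script: accept hostname[:port] only.
    case $upstream in
        ''|*[!A-Za-z0-9.:-]*) echo "invalid upstream: $upstream" >&2; return 2 ;;
    esac
    cr=$(printf '\r')   # literal CR, since HTTP header lines end in CRLF
    # Address range: request line through the blank line ending its headers.
    # Each new request line re-opens the range, so several requests on one
    # stream are handled; bodies in between pass through untouched. (A body
    # line that itself looks like a request line would re-open it: heuristic.)
    sed -u -E \
        -e "/^[A-Z]+ [^ ]+ HTTP\/1\.[01]${cr}?\$/,/^${cr}?\$/{" \
        -e "s/^Host:[^${cr}]*/Host: ${upstream}/I" \
        -e '/^(Connection|If-None-Match|If-Modified-Since|Accept-Encoding):/Id' \
        -e '}'
}

# Constructed sample: a POST whose body has a line starting with "Host:",
# followed by a second request on the same stream.
sample_requests() {
    printf 'POST /form HTTP/1.1\r\nhost: proxy.example:8080\r\n'
    printf 'Accept-Encoding: gzip\r\nConnection: keep-alive\r\n'
    printf 'Content-Length: 16\r\n\r\nHost: in-a-body\n'
    printf 'GET / HTTP/1.1\r\nHost: proxy.example:8080\r\n\r\n'
}

# Show the result with line endings made visible (\r and $).
sample_requests | rewrite_request_headers www.noah.org | sed -n l
```

The function can stand in for the request-side `sed -u` stage between the two nc processes in the pipelines above.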