56

I'm working on a homework assignment for my college course. The task is to fetch web pages on HTTPS using nc (netcat).

To fetch a page over HTTP, I can simply do the following:

cat request.txt | nc -w 5 <someserver> 80

In request.txt I have an HTTP 1.1 request

GET / HTTP/1.1
Host: <someserver>

Now... This works perfectly fine. The challenge is, however - to fetch a web page that uses HTTPS?

I get a page certificate like this. And this is the point at which I'm currently stuck

openssl s_client -connect <someserver>:443
Oto Brglez
  • 762
  • 1
  • 5
  • 9

4 Answers4

78

nc doesn't do https. openssl s_client is as close as you'll get. Do something like this:

$ cat request.txt | openssl s_client -connect server:443
Bill Weiss
  • 10,782
  • 3
  • 37
  • 65
54

ncat --ssl

On Ubuntu:

sudo apt-get install nmap
printf 'GET / HTTP/1.1\r\nHost: github.com\r\n\r\n' | ncat --ssl github.com 443

Same as on Super User Can the telnet or netcat clients communicate over SSL? but nmap uses ncat with nc (e.g., nc --ssl).

On Debian or Ubuntu:

sudo apt-get install ncat
Paul
  • 2,755
  • 6
  • 24
  • 35
  • is there any way to take your command and pass username and password commands into it for https sites that require authentication? – user53029 Mar 16 '16 at 12:52
  • @user53029 I think not for most websites, where authentication works by filling a form and giving you a session cookies. Unless it is one of the very few websites that uses other methods of authentication like https://en.wikipedia.org/wiki/Basic_access_authentication. You could also manually fill the form, and then send the cookie while it is valid. Or if you are desperate use http://stackoverflow.com/questions/13376189/how-to-login-into-a-website-with-casperjs – Ciro Santilli OurBigBook.com Mar 16 '16 at 12:58
  • ncat is not nc, ncat does not support keep connection on send the payload like as nc. The question require a objetive response using nc not others apps. – e-info128 Apr 25 '18 at 11:56
  • 2
    @e-info128 thanks for that info. My philosophy is: when I google for something, and I click on this page, will I find the answer that I want. – Ciro Santilli OurBigBook.com Apr 25 '18 at 12:30
  • what is `sudo apt-get install nmap`?? – Alexander Mills May 20 '19 at 01:50
  • @AlexanderMills It's a package that includes a utility that works very much the same way as nc but has additional features. It's called ncat. – var firstName Dec 04 '19 at 17:38
  • `ncat` is in its own separate Debian package, doesn't necessarily get installed along with nmap. We should `apt-get install ncat` not `nmap`, which just suggests `ncat`. I'll edit the answer. – Sam Watkins Jan 27 '22 at 12:41
7

You probably want to use stunnel.

A GNU program allowing to encrypt arbitrary TCP connections inside Secure Sockets Layer (SSL).

http://www.stunnel.org

It's very UNIX-y. One great tool for one simple task.

Yves Junqueira
  • 671
  • 3
  • 7
3

Ask the prof or TA for assistance. You would never try to do HTTPS over netcat in the real world (openssl s_client would be my first-line tool of choice, but there are other options) so the chances of finding the "right" answer that the prof wants by asking people in the real world is low. I'd probably go over all the slides/notes from the lectures; typically these sorts of "impossible" questions are actually answered in the lectures, and asked just to see who is actually paying attention in class.

womble
  • 95,029
  • 29
  • 173
  • 228