Practical /dev/tcp in the HTTPS Era
10 points by azathothas
Since /dev/tcp doesn’t work with HTTPS, complex redirect chains or even DNS sometimes, almost all mentions of it in the hacking articles online are not that useful.
We had to make soar’s install script be able to work anywhere. In the article you get to know about http://http.pkgforge.dev & how you can use it to make /dev/tcp finally practical & useful in the modern HTTPS age.
Downloading binaries over HTTP is no issue, as long as you checksum them. So after download, you can just run sha256sum or use GPG to validate signatures. But what if the system doesn’t have either of those? Is there a SHA2 implementation in bash somewhere? 😄
Also: if you can get the install.sh script onto the machine, why not just copy the soar binary onto it?
sha256sum is coreutils now but yes some embedded systems don’t even have this…
Also: if you can get the install.sh script onto the machine, why not just copy the soar binary onto it?
The 5 line bash snippet is way way shorter than install.sh, and can be typed. And if you really want install.sh, then transferring it is much quicker because it’s a text file compared to the megabyte binary. All of that assumes you have a fast connection and ssh (scp) to do it in the first place.
…I was kind of hoping for a minimal TLS implementation in pure Bash.
@edit: of course it exists! https://github.com/gh2o/bash_tls
That is awesome. But this little bit on the GitHub repo should be highlighted a bit more:
Does not validate certificate chain
Every system with bash has /dev/tcp - a built-in feature for raw TCP connections. ⚠ Bash must be compiled with --enable-net-redirections, but this is by default always enabled.
TIL it’s enabled on Debian. That’s changed since I last looked.
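The fetch-then-checksum flow discussed in this thread, as an added example that is not from the linked article, soar's install script or any commenter. The function names (`fetch_raw`, `split_body`, `verify_sha256`) and the command-line arguments are assumptions made for illustration; it needs `cat`, `tail` and `sha256sum` on the target, and the expected digest has to arrive over a channel you trust, not over the same plain-HTTP connection.

```shell
#!/usr/bin/env bash
# Added example. Host, path and digest on the command line are the caller's;
# fetch_raw needs bash with /dev/tcp support, the other functions are plain sh.

# Send an HTTP/1.0 GET over /dev/tcp and save headers + body to OUTFILE.
fetch_raw() {  # fetch_raw HOST PORT PATH OUTFILE
  local host="$1" port="$2" path="$3" out="$4"
  {
    printf 'GET %s HTTP/1.0\r\nHost: %s\r\n\r\n' "$path" "$host" >&3 &&
      cat <&3 >"$out"
  } 3<>"/dev/tcp/${host}/${port}"
}

# Copy only the body to BODYFILE. Header lines are text, so they are read
# with `read` and their bytes counted; the binary body is cut with tail and
# never stored in a shell variable (bash variables cannot hold NUL bytes).
split_body() {  # split_body RAWFILE BODYFILE; fails unless status is 200
  local raw="$1" body="$2" line status='' off=0 ended=0 cr
  local LC_ALL=C                           # make ${#line} count bytes
  cr=$(printf '\r')
  while IFS= read -r line; do
    off=$((off + ${#line} + 1))            # +1 for the newline read consumed
    if [ -z "$status" ]; then status=$line; fi
    if [ -z "${line%"$cr"}" ]; then ended=1; break; fi
  done <"$raw"
  [ "$ended" -eq 1 ] || return 1           # truncated: no blank line seen
  case $status in
    'HTTP/1.'?' 200'*) ;;
    *) return 1 ;;                         # redirects/errors are not followed
  esac
  tail -c +"$((off + 1))" "$raw" >"$body"
}

# Compare the file's SHA-256 with a pinned lowercase hex digest.
verify_sha256() {  # verify_sha256 FILE EXPECTED_HEX
  local got
  got=$(sha256sum "$1") || return 1
  [ "${got%% *}" = "$2" ]
}

# Usage: script HOST PATH EXPECTED_SHA256 OUTFILE
if [ "$#" -eq 4 ]; then
  fetch_raw "$1" 80 "$2" "$4.raw" && split_body "$4.raw" "$4.part" &&
    verify_sha256 "$4.part" "$3" && mv "$4.part" "$4" ||
    { rm -f "$4.raw" "$4.part"; echo "download or verification failed" >&2; exit 1; }
  rm -f "$4.raw"
fi
```

The file only appears under its final name after the digest matches, so a failed or tampered download never leaves something that looks installable.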