Building a HTTP Proxy using Netcat on Linux

Netcat is a powerful network tool that can help you diagnose, manage or mess with Unix or Windows-based systems. In this post, I want you to join me on the adventure to build an HTTP-Proxy using Netcat.

You can use a Proxy for debugging purposes or make hidden or blocked content in a different network available to outsiders. A load balancer uses this principle to bidirectional pass data between you and a webserver node. Let’s build ower on proxy.

Photo by Alina Grubnyak on Unsplash

I would like to point out whatever we are doing here was done using the virtual learning environment smartlearn.ch.

Before we start

Let’s start by making sure you have installed Netcat. If not, please follow the official website instructions: Download the Free Nmap Security Scanner for Linux/Mac/Windows. And make sure you have a Webserver running in localhost:8080.

Create a Proxy

First, we create a pipe on the file system, which allows us to send data between the two necessary instances of Netcat running simultaneously.

mknod pipe

Next, we can start the two Netcat instances and connect them up using this command.

ncat -ln -p 80 < pipe | tee -a inbound | ncat localhost 8080 | tee -a outbound.html > pipe

Lastly, we open the web browser and navigate to 127.0.0.1:80, and the default NGINX page will greet us. Great job, we are done!

Explanation

After we successfully start our HTTP Proxy, we can take a deeper look at what we have done. Technically it’s not an HTTP proxy. It’s a TCP proxy. You can send any TCP requests over the created proxy.

In the first Netcat instance, we are listening on port 80. This command gets fed by the “pipe”-File using the “<” char. Next, we pipe the output into the tee tool, which collects all input, attaches it to the “inbound”-File, and pipe it into the next Netcat instance. The second Netcat instance is listening on port 8080 and pipes its output into another tee tool, which collects all output, attaches it to the “outbound.html”-File, and send it into the “pipe”-File. We have created two channels (one from port 80 to 8080 and one from port 8080 to 80).