Zero Day Archives

SoCat

Using Socat for Port Forwarding

Socat (short for SOcket CAT) is a powerful and flexible networking tool that enables bidirectional data transfer between two endpoints. It is commonly used for port forwarding, tunneling, and proxying network traffic. Socat supports a wide range of protocols, including TCP, UDP, UNIX sockets, and even SSL-encrypted connections, making it a versatile tool for a variety of network manipulation tasks.

In this guide, we’ll explore how to use Socat for port forwarding.

What is Port Forwarding with Socat?

Port forwarding is a technique where traffic arriving at a specific port on one machine is forwarded to another port on the same or a different machine. Socat makes this process easy by providing a simple interface to configure this behavior for TCP, UDP, and even Unix sockets.

Installing Socat

Socat is available in the default repositories for most Linux distributions. To install it, use the package manager for your distribution. On Debian- or Ubuntu-based systems:

sudo apt install socat

Using Socat for Port Forwarding

Socat can handle multiple types of port forwarding, such as local, remote, and even UDP forwarding. Let’s break down how to use it for these tasks.

Step 1: Local Port Forwarding with Socat

Local port forwarding redirects traffic arriving at a local port to a remote destination. You can use the following command to forward local traffic to a remote machine or service:

socat TCP-LISTEN:[LOCAL_PORT],reuseaddr,fork TCP:[REMOTE_IP]:[REMOTE_PORT]

  • TCP-LISTEN:[LOCAL_PORT]: Listens for incoming TCP connections on the specified local port.

  • reuseaddr: Sets SO_REUSEADDR on the listening socket so the port can be bound again immediately after Socat is restarted.

  • fork: Tells Socat to fork a new process for each incoming connection.

  • TCP:[REMOTE_IP]:[REMOTE_PORT]: The destination IP and port where traffic will be forwarded.

Example 1: Forward Local Port 8080 to Remote Port 80

socat TCP-LISTEN:8080,reuseaddr,fork TCP:192.168.1.100:80

This command will forward all incoming traffic on port 8080 on your local machine to port 80 on the remote machine at 192.168.1.100.

Step 2: Remote Port Forwarding with Socat

Remote port forwarding is the opposite of local port forwarding. It redirects traffic from a remote machine’s port to a local machine. The command is run on the remote machine, so [LOCAL_IP] is resolved from that machine’s point of view. Here’s how you can achieve this with Socat:

socat TCP-LISTEN:[REMOTE_PORT],reuseaddr,fork TCP:[LOCAL_IP]:[LOCAL_PORT]

  • TCP-LISTEN:[REMOTE_PORT]: The port on the remote machine that Socat will listen on.

  • TCP:[LOCAL_IP]:[LOCAL_PORT]: The local IP and port to which the traffic will be forwarded.

Example 2: Forward Remote Port 8080 to Local Port 80

socat TCP-LISTEN:8080,reuseaddr,fork TCP:127.0.0.1:80

This command will forward any traffic that arrives on port 8080 on the remote machine to port 80 on the local machine (127.0.0.1, which is the loopback address of the host where Socat is running).

Step 3: UDP Port Forwarding with Socat

In addition to TCP, Socat can also handle UDP traffic, which is useful for applications that rely on UDP. Here’s how you can forward UDP packets:

socat UDP-LISTEN:[LOCAL_PORT],reuseaddr,fork UDP:[REMOTE_IP]:[REMOTE_PORT]

Example 3: Forward UDP Traffic from Port 12345 to Port 54321

socat UDP-LISTEN:12345,reuseaddr,fork UDP:192.168.1.100:54321

This command will forward all UDP traffic received on port 12345 on the local machine to port 54321 on the remote machine at 192.168.1.100.
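None of the listeners in Steps 1 to 3 sets `bind=`, so Socat accepts connections on every interface of the host it runs on. The following is an added example, not part of the original page: a small audit that reads process command lines and reports each Socat listener, its destination, and whether it is exposed on all interfaces. The function names and the sample input are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit socat relay command lines for exposed listeners.

# Constructed sample input, shaped like the output of `ps -eo args`.
sample_cmdlines() {
  cat <<'EOF'
socat TCP-LISTEN:8080,reuseaddr,fork TCP:192.168.1.100:80
socat TCP-LISTEN:8443,bind=127.0.0.1,reuseaddr,fork TCP:192.168.1.100:443
/usr/bin/socat -d UDP-LISTEN:12345,reuseaddr,fork UDP:192.168.1.100:54321
/usr/sbin/sshd -D
EOF
}

# Reads command lines on stdin and prints one line per socat listener:
#   PROTO LISTEN_PORT BIND_ADDR DESTINATION EXPOSED|LOOPBACK|BOUND
audit_socat_relays() {
  awk '
    $1 ~ /(^|\/)socat$/ {
      listen = ""; dest = ""
      for (i = 2; i <= NF; i++) {
        if ($i ~ /^-/) continue                      # socat flags such as -d
        if (toupper($i) ~ /^(TCP|UDP)[46]?-L(ISTEN)?:/) listen = $i
        else dest = $i                               # the other address
      }
      if (listen == "") next                         # not a listener
      n = split(listen, opt, ",")                    # opt[1] = TCP-LISTEN:8080
      split(opt[1], head, ":")
      bind = "*"                                     # no bind= means all interfaces
      for (j = 2; j <= n; j++)
        if (opt[j] ~ /^bind=/) bind = substr(opt[j], 6)
      sub(/^[^:]*:/, "", dest)                       # drop the address type
      sub(/,.*$/, "", dest)                          # drop destination options
      if (bind == "*") state = "EXPOSED"
      else if (bind ~ /^127\./ || bind == "localhost" || bind == "[::1]")
        state = "LOOPBACK"
      else state = "BOUND"
      print toupper(substr(head[1], 1, 3)), head[2], bind, dest, state
    }'
}

sample_cmdlines | audit_socat_relays
```

On a live host, pipe `ps -eo args` into `audit_socat_relays` in place of the sample input.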

Why Use Socat for Port Forwarding?

Socat is a flexible and highly configurable tool for networking, making it an ideal choice for tasks like port forwarding, proxying, and tunneling. It’s particularly valuable because of its ability to handle a wide variety of protocols and its support for complex configurations.

Some advantages of using Socat include:

  • Support for multiple protocols: TCP, UDP, UNIX sockets, SSL/TLS.

  • Flexibility: You can chain multiple sockets together for advanced networking setups.

  • Easy to obtain: Socat is packaged for most Linux distributions and can be used for a variety of network-related tasks, making it a valuable tool for system administrators, security professionals, and penetration testers.


Last updated 2 months ago