Nmap Development mailing list archives

ncat --socks4-proxy - piping commands or redirecting files


From: jah <jah () zadkiel plus com>
Date: Sun, 28 Sep 2008 21:03:58 +0100

Hi folks,

I've been playing with ncat and not having much success with piping
commands or redirecting files to it when using --socks4-proxy 127.0.0.1
and ssh -ND 1080 <ssh_host_ip>.

I can do this:
ncat webserver.com 80 --socks4-proxy 127.0.0.1
and then manually send GET / HTTP/1.1 (single newline).  This works fine.

I can't do this on windows:
echo GET / HTTP/1.1 | ncat webserver.com 80 --socks4-proxy 127.0.0.1
but on *nix it works fine - as does (echo GET / HTTP/1.1; echo) | ncat ...

I can't do this on either windows or *nix:
ncat webserver.com 80 --socks4-proxy 127.0.0.1 < get.req
where get.req is a file containing the GET request.

In order to try and get a better idea of what's going on I installed a
SOCKS proxy on a windows VM allowing me to capture the SOCKS protocol
traffic and here's what I found.

On both windows and nix, if I don't pipe a command or redirect a file
then the SOCKS negotiation is as expected and I can make a manual GET
request without issue.

If I pipe a command or redirect a file to ncat then instead of sending a
CONNECT request to the proxy the GET request is sent straight away, the
proxy responds with FIN, ACK, client sends ACK and the proxy tears down
the connection (either immediately or after another round of FIN, ACK).

I expected piping to work on nix as it did with the ssh tunnel and find
it strange that it doesn't.

So am I going nuts or is there something wrong with ncat?  Anyone else
reproduce it?

Regards,

jah



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
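
The capture finding described in the message above (the GET request reaching the proxy with no CONNECT request ahead of it) can be checked mechanically against the SOCKS4 request layout. The following is an added example, not part of the original post and not ncat's code; the function names and the sample bytes (192.0.2.10, port 80) are constructed for illustration.

```python
import socket
import struct

SOCKS4_VERSION = 4
CMD_CONNECT = 1
REPLY_GRANTED = 90


def build_connect(dst_ip: str, dst_port: int, userid: bytes = b"") -> bytes:
    """SOCKS4 CONNECT request: VN, CD, DSTPORT, DSTIP, USERID, NUL."""
    return (struct.pack("!BBH", SOCKS4_VERSION, CMD_CONNECT, dst_port)
            + socket.inet_aton(dst_ip) + userid + b"\x00")


def classify_first_bytes(data: bytes) -> dict:
    """Classify the bytes a client sent before the proxy's first reply."""
    if len(data) < 9 or data[0] != SOCKS4_VERSION:
        # No SOCKS4 header: application data went out first.
        return {"kind": "payload-before-negotiation", "preview": data[:16]}
    _, cmd, port = struct.unpack("!BBH", data[:4])
    end = data.find(b"\x00", 8)  # USERID starts at offset 8, NUL-terminated
    if end == -1:
        return {"kind": "incomplete-socks4-request", "preview": data[:16]}
    return {
        "kind": "socks4-request",
        "connect": cmd == CMD_CONNECT,
        "dst": (socket.inet_ntoa(data[4:8]), port),
        "userid": data[8:end],
        # Anything after the NUL was sent without waiting for the reply.
        "early_payload": data[end + 1:],
    }


def reply_granted(reply: bytes) -> bool:
    """Proxy reply is 8 bytes: VN=0, CD=90 means the request was granted."""
    return len(reply) >= 8 and reply[0] == 0 and reply[1] == REPLY_GRANTED


if __name__ == "__main__":
    # Constructed samples: what the capture showed vs. a correct negotiation.
    piped = b"GET / HTTP/1.1\n"
    proper = build_connect("192.0.2.10", 80)
    for label, first in (("piped", piped), ("interactive", proper)):
        print(label, classify_first_bytes(first))
    print("granted:", reply_granted(b"\x00\x5a" + b"\x00" * 6))
```
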

