Skip to content

Socat cheatsheet

Listen

Listen on port 8080

socat - tcp-listen:8080,reuseaddr

Port forwarding

Forward local port 8080 to 10.1.1.1 port 80

socat tcp-listen:8080,fork TCP:10.1.1.1:80

Execute commands

Bind on port, execute command on connection

socat tcp-listen:1234,fork,reuseaddr system:id

The same with exec

socat tcp-listen:1234,fork,reuseaddr exec:ls

Simple bind shell

socat tcp-listen:1234,fork,reuseaddr system:/bin/bash

exec version

socat tcp-listen:1234,fork,reuseaddr exec:/bin/sh

File operations

Read file

socat file:file_name -

Append contents of file1 to file2

socat file:file1 file:file2,append

Append output of the command to out.txt file

echo test123 | socat - file:out.txt,append

Change owner of the file

socat - file:test.txt,append,user=user_name

Create a file and write to it from stdin

socat -u stdin open:test.txt,creat,trunc

Redirect output of the command to a file

echo test | socat - OPEN:test.txt,creat,trunc

SSL

Plain-text to SSL

Tunnel plain-text data from local port 8080 to https on 10.0.0.1

socat -v tcp4-listen:8080,reuseaddr,fork ssl:10.0.0.1:443,verify=0

SSL for non-https web server

Generate certificate with openssl

openssl req -new -x509 -keyout key.pem -out server.pem -days 365 -nodes

Concatenate key and cert files

cat key.pem server.pem > cert.pem

Setup socat

socat openssl-listen:8443,reuseaddr,cert=cert.pem,verify=0,fork tcp:127.0.0.1:8090

UDP

UDP server and client

socat - udp-listen:1234
socat - udp:localhost:1234