{"id":2350,"date":"2018-01-28T18:49:35","date_gmt":"2018-01-28T23:49:35","guid":{"rendered":"http:\/\/osric.com\/chris\/accidental-developer\/?p=2350"},"modified":"2018-01-28T18:49:35","modified_gmt":"2018-01-28T23:49:35","slug":"using-nc-netcat-to-make-an-http-request","status":"publish","type":"post","link":"https:\/\/osric.com\/chris\/accidental-developer\/2018\/01\/using-nc-netcat-to-make-an-http-request\/","title":{"rendered":"Using nc (netcat) to make an HTTP request"},"content":{"rendered":"

I must have had some reason for wanting to do this, although I can’t think of why right now. curl<\/a> is an excellent tool for ad hoc HTTP requests.<\/p>\n

On a server running Apache 2.4.6, first I tried:<\/p>\n

# nc 127.0.0.1 80
\nGET \/ HTTP\/1.1<\/code><\/p>\n

Which returned a HTTP\/1.1 400 Bad Request<\/code> error.<\/p>\n

Next I tried:<\/p>\n

# printf \"GET \/index.html HTTP\/1.1\\r\\n\\r\\n\" | nc 127.0.0.1 80<\/code><\/p>\n

Which also returned a HTTP\/1.1 400 Bad Request<\/code> error.<\/p>\n

I decided to take a look at what curl was sending, since that was working:<\/p>\n

# curl -v http:\/\/127.0.0.1
\n* About to connect() to 127.0.0.1 port 80 (#0)
\n* Trying 127.0.0.1...
\n* Connected to 127.0.0.1 (127.0.0.1) port 80 (#0)
\n> GET \/ HTTP\/1.1
\n> User-Agent: curl\/7.29.0
\n> Host: 127.0.0.1
\n> Accept: *\/*
\n...<\/code><\/p>\n

I put the same headers (with a modified User-Agent<\/code>) into my printf<\/code> statement:<\/p>\n

# printf \"GET \/index.html HTTP\/1.1\\r\\nUser-Agent: nc\/0.0.1\\r\\nHost: 127.0.0.1\\r\\nAccept: *\/*\\r\\n\\r\\n\" | nc 127.0.0.1 80
\nHTTP\/1.1 200 OK
\nDate: Sun, 28 Jan 2018 23:11:04 GMT
\nServer: Apache\/2.4.6 (CentOS) PHP\/5.4.16
\nLast-Modified: Sun, 28 Jan 2018 20:10:37 GMT
\nETag: \"78-563dbb912bfe0\"
\nAccept-Ranges: bytes
\nContent-Length: 120
\nContent-Type: text\/html; charset=UTF-8<\/p>\n

<!DOCTYPE html>
\n<html>
\n<head>
\n<title>well that worked<\/title>
\n<\/head>
\n<body>
\n<h1>apache is running<\/h1>
\n<\/body>
\n<\/html><\/code><\/p>\n

That worked!<\/p>\n

I eliminated the User-Agent<\/code> the Accept<\/code> headers and it still worked, so the missing Host<\/code> header was the cause of my problems. I swear I’ve done this before without a Host<\/code> header though.<\/p>\n

I looked up the HTTP specification<\/a>, and as described in section 5.2 of the RFC:<\/p>\n

\n1. If Request-URI is an absoluteURI, the host is part of the Request-URI. Any Host header field value in the request MUST be ignored.<\/p>\n

2. If the Request-URI is not an absoluteURI, and the request includes a Host header field, the host is determined by the Host header field value.<\/p>\n

3. If the host as determined by rule 1 or 2 is not a valid host on the server, the response MUST be a 400 (Bad Request) error message.<\/p>\n

Recipients of an HTTP\/1.0 request that lacks a Host header field MAY attempt to use heuristics (e.g., examination of the URI path for something unique to a particular host) in order to determine what exact resource is being requested.<\/p><\/blockquote>\n

I could not get it to work with an absoluteURI<\/code>, even using the example in the RFC. However I did find that I could ignore the Host<\/code> header if I specified HTTP\/1.0:<\/p>\n

# printf \"GET \/ HTTP\/1.0\\r\\n\\r\\n\" | nc 127.0.0.1 80<\/code><\/p>\n

I also found that Apache didn’t care what the Host header was when using HTTP\/1.1, just so long as something was there:<\/p>\n

# printf \"GET \/ HTTP\/1.1\\r\\nHost: z\\r\\n\\r\\n\" | nc 127.0.0.1 80<\/code><\/p>\n

That’s a little odd. I did not specify a ServerName<\/code> in my Apache config, but even after I specified ServerName 127.0.0.1:80<\/code> in \/etc\/httpd\/conf\/httpd.conf<\/code> and restarted Apache, it still required the Host<\/code> header and it still didn’t care what the content of the Host<\/code> header was (so long as it was not empty).<\/p>\n","protected":false},"excerpt":{"rendered":"

My attempts to send an HTTP GET request via netcat (nc) were failing, with 400 Bad Request errors returned by the server. I discovered that I could get a successful 200 OK response if I specified HTTP\/1.0 instead of HTTP\/1.1, or if I included the Host header in my HTTP request using HTTP\/1.1.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[232],"tags":[73,486,485],"class_list":["post-2350","post","type-post","status-publish","format-standard","hentry","category-tips-tricks","tag-apache","tag-nc","tag-netcat"],"_links":{"self":[{"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/posts\/2350","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/comments?post=2350"}],"version-history":[{"count":2,"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/posts\/2350\/revisions"}],"predecessor-version":[{"id":2359,"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/posts\/2350\/revisions\/2359"}],"wp:attachment":[{"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/media?parent=2350"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/categories?post=2350"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/tags?post=2350"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}