62

I'm working on a homework assignment for my college course. The task is to fetch web pages on HTTPS using nc (netcat).

To fetch a page over HTTP, I can simply do the following:

cat request.txt | nc -w 5 <someserver> 80

In request.txt I have an HTTP 1.1 request

GET / HTTP/1.1
Host: <someserver>

Now, this works perfectly fine. The challenge, however, is to fetch a web page that uses HTTPS.

I get a page certificate like this, and this is the point at which I'm currently stuck:

openssl s_client -connect <someserver>:443

4 Answers

87

nc doesn't do https. openssl s_client is as close as you'll get. Do something like this:

$ cat request.txt | openssl s_client -connect server:443
Bill Weiss
  • 11,266
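
The `openssl s_client` approach from the answer above, as an added example that is not part of the original post. `build_request` and `fetch_https` are hypothetical helper names and port 443 is assumed; the flags shown make `s_client` keep reading after stdin hits EOF, send SNI, and abort the handshake when the certificate does not verify (by default it reports the error and carries on).

```shell
#!/bin/sh
# Added example (not from the original post). build_request and fetch_https
# are hypothetical helper names; port 443 is an assumption.

# Emit a minimal HTTP/1.1 GET with CRLF line endings.
# "Connection: close" asks the server to close after one response, so the
# pipeline ends instead of waiting on a keep-alive connection.
build_request() {
    host=$1
    path=${2:-/}
    # Refuse CR/LF, other control characters and spaces, so a caller-supplied
    # value cannot inject extra header lines into the request.
    case "$host$path" in
        *[[:cntrl:]]*|*" "*)
            echo "refusing host/path with control characters or spaces" >&2
            return 1 ;;
    esac
    printf 'GET %s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n' "$path" "$host"
}

# Send the request over TLS with openssl s_client.
#   -quiet                 suppress session/certificate output; implies -ign_eof,
#                          so s_client does not quit when stdin reaches EOF
#   -servername            send SNI so a shared frontend selects the right certificate
#   -verify_return_error   abort on a certificate verification failure
#   -verify_hostname       also require the certificate to match the host name
fetch_https() {
    build_request "$1" "${2:-/}" >/dev/null || return 1
    build_request "$1" "${2:-/}" |
        openssl s_client -quiet -connect "$1:443" -servername "$1" \
            -verify_return_error -verify_hostname "$1"
}

# Run only when a host is given on the command line: ./fetch.sh example.com /
if [ "$#" -gt 0 ]; then
    fetch_https "$@"
fi
```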
63

ncat --ssl from the nmap project

TODO this stopped working at some point, when and why? I've also asked at the nmap mailing list at: https://seclists.org/nmap-dev/2024/q3/9

Install on Ubuntu 24.04, ncat 7.94:

sudo apt install ncat

Install on older versions of Ubuntu such as Ubuntu 18.04, where the tool was in the nmap package itself:

sudo apt-get install nmap

Usage:

printf 'GET / HTTP/1.1\r\nHost: github.com\r\n\r\n' | ncat --ssl github.com 443

gives:

HTTP/1.1 400 Bad Request

and the body contains:

      <p>You have sent an invalid request. <br><br>
        Please do not send this request again.
      </p>

It works on other servers however, e.g. example.com seems happy with either:

h=example.com; printf "GET / HTTP/1.1\r\nHost: $h\r\n\r\n" | ncat $h 80
h=example.com; printf "GET / HTTP/1.1\r\nHost: $h\r\n\r\n" | ncat --ssl $h 443

and many other servers immediately close without sending anything back including:

  • facebook.com
  • x.com

stackoverflow.com is apparently proxied through Cloudflare and rather gives:

HTTP/1.1 403 Forbidden


9

You probably want to use stunnel.

A GNU program allowing to encrypt arbitrary TCP connections inside Secure Sockets Layer (SSL).

http://www.stunnel.org

It's very UNIX-y. One great tool for one simple task.

2

Ask the prof or TA for assistance. You would never try to do HTTPS over netcat in the real world (openssl s_client would be my first-line tool of choice, but there are other options) so the chances of finding the "right" answer that the prof wants by asking people in the real world is low. I'd probably go over all the slides/notes from the lectures; typically these sorts of "impossible" questions are actually answered in the lectures, and asked just to see who is actually paying attention in class.

womble
  • 98,245