Denis Shevchenko

Reputation: 1448

socat port forwarding for https

I can use socat for the port forwarding like this:

    socat TCP4-LISTEN:8080 TCP4:123.456.789.12:80

In this case, it works perfectly: all http-requests to localhost:8080 will be redirected to 123.456.789.12:80.

But how can I use such forwarding for https-requests?

UPDATE: I need a single socat process between Firefox and remote server. socat is just a forwarder (proxy redirector), nothing more. Something like this:

Firefox -> socat -> server
       ------------>
           https

Upvotes: 26

Views: 79495

Answers (4)

Khalfella

Reputation: 109

Try something like this:

    socat TCP-LISTEN:8080,fork,reuseaddr ssl:google.com:443

Upvotes: 9

vlp

Reputation: 8116

The browser security warning you are getting is because of the host name mismatch between the URL and the server certificate (e.g. localhost vs. example.com).

To make the forwarding work without this warning you need to put the forwarder on the same TCP port and override DNS resolution for the affected domain (i.e. make example.com resolve to 127.0.0.1).

The simplest approach is as follows:

  1. edit your hosts file and add example.com domain to the localhost line (sort of howto is here)

  2. start your forwarding (beware that you need to use server IP address and not domain name as the domain name is already redirected to localhost)

    socat TCP-LISTEN:443,fork,reuseaddr TCP:123.456.789.12:443

  3. check it is working in the browser via https://example.com

Do not forget to remove the domain entry from the hosts file when done experimenting.


If you can't ensure the same TCP port number, this approach might work as well -- but only under some conditions:

  • the site is using relative paths in links (as an absolute path would use original (thus different) port number)

  • there is no port number written in the server certificate (which is usually not the case)


Note: It is possible to set up a MITM socat proxy, but this would require adding an artificial trusted CA.

Good luck!

Upvotes: 13

Denis Shevchenko

Reputation: 1448

Unfortunately, socat cannot be used for such a task. I should use a real HTTP proxy server instead of socat.

Upvotes: -5

Thor

Reputation: 47099

Normally https servers run on port 443, so maybe that is your issue?

Trying to browse through socat to google.com with https works, albeit with an SSL certificate warning:

    socat TCP-LISTEN:8080,fork,reuseaddr TCP:google.com:443

(use fork and reuseaddr to allow multiple connections and fast ip:port reuse, but be aware of the caveats).

Now you can access https at google from a browser, just go to https://localhost:8080.

Upvotes: 35
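
An added illustration, not code from any of the answers: a minimal Python equivalent of the `TCP-LISTEN:...,fork,reuseaddr TCP:...` forwarding used above. It shows that such a relay copies bytes without parsing them, so the TLS session and its certificate check stay between the browser and the real server, which is why the name in the URL has to match the certificate. The function names and the sample record are constructed for the demo, and a local echo peer stands in for the remote server.

```python
import contextlib
import socket
import threading

def pipe(src, dst):
    """Copy bytes one way until EOF, then half-close the receiving side."""
    with contextlib.suppress(OSError):
        while chunk := src.recv(65536):
            dst.sendall(chunk)              # bytes are never parsed or altered
    with contextlib.suppress(OSError):
        dst.shutdown(socket.SHUT_WR)

def relay(client, target):
    """Connect to target and shuttle bytes in both directions."""
    with client:
        try:
            upstream = socket.create_connection(target)
        except OSError:
            return                          # target unreachable: drop the client
        with upstream:
            back = threading.Thread(target=pipe, args=(upstream, client), daemon=True)
            back.start()
            pipe(client, upstream)
            back.join()

def serve(port, on_conn, host="127.0.0.1"):
    """Accept on host:port, one thread per connection; return the bound port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)   # socat: reuseaddr
    srv.bind((host, port))
    srv.listen()
    def loop():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=on_conn, args=(conn,), daemon=True).start()  # socat: fork
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]

def demo():
    """Send a constructed TLS-shaped record through the relay to a local echo peer."""
    sample = bytes.fromhex("1603010004") + b"\xde\xad\xbe\xef"  # constructed, not real TLS
    echo_port = serve(0, lambda c: pipe(c, c))                  # stand-in for the server
    fwd_port = serve(0, lambda c: relay(c, ("127.0.0.1", echo_port)))
    with socket.create_connection(("127.0.0.1", fwd_port), timeout=5) as s:
        s.sendall(sample)
        s.shutdown(socket.SHUT_WR)
        got = b"".join(iter(lambda: s.recv(4096), b""))
    return sample, got
```

`demo()` returns the bytes sent and the bytes received back through the relay; they are identical because the forwarder never touches the payload.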
