I am serving an interactive program to a remote terminal using socat
. To start simple I used script.sh
below, but it also works fine for the client with bash
(for reverse shell), python
, vim
, irssi
, etc.
I want to monitor the client's activity, so I tried the -v
option for verbosity on the server side.
Program script.sh
:
#!/bin/bash
while read -p 'Tell me something: ' MSG;
do
echo "I got $MSG";
done
Server:
socat -v tcp-listen:9099,reuseaddr exec:script.sh,pty,stderr,setsid,sane
Client:
socat tcp-connect:IP:9099 file:$(tty),rawer
It works, but the results are unreadable because of the way how socat
generates the verbose output.
What the client sees:
Tell me something: hello
I got hello
socat
verbose output on the server side:
< 2022/06/06 00:17:59.920945 length=19 from=0 to=18
Tell me something: > 2022/06/06 00:18:01.716074 length=1 from=0 to=0
h< 2022/06/06 00:18:01.716317 length=1 from=19 to=19
h> 2022/06/06 00:18:01.935165 length=1 from=1 to=1
e< 2022/06/06 00:18:01.935401 length=1 from=20 to=20
e> 2022/06/06 00:18:02.176460 length=1 from=2 to=2
l< 2022/06/06 00:18:02.176874 length=1 from=21 to=21
l> 2022/06/06 00:18:02.303743 length=1 from=3 to=3
l< 2022/06/06 00:18:02.304001 length=1 from=22 to=22
l> 2022/06/06 00:18:02.454156 length=1 from=4 to=4
o< 2022/06/06 00:18:02.454555 length=1 from=23 to=23
o> 2022/06/06 00:18:03.693822 length=1 from=5 to=5
\r< 2022/06/06 00:18:03.694050 length=2 from=24 to=25
\r
< 2022/06/06 00:18:03.694373 length=32 from=26 to=57
I got hello\r
When using with programs with colours and UI - like vim
- things get really unusable because of colours and interactivity:
This is vim welcome message on the server side:
.[21;1H~
.[22;1H~
.[m.[38;5;253m.[48;5;234m.[23;1H.[38;5;247m.[48;5;235m[No Name]
0,0-1 All.[m.[38;5;253m.[48;5;234m.[6;32HVIM - Vi IMproved.[8;33Hversion 8.1.3741.[9;29Hby Bram Moolenaar et al..[10;21HModified by [email protected].[11;19HVim is open source and freely distributable.[13;26HBecome a registered Vim user!.[14;18Htype :help register.[38;5;238m<Enter>.[m.[38;5;253m.[48;5;234m for information .[16;18Htype :q.[38;5;238m<Enter>.[m.[38;5;253m.[48;5;234m to exit .[17;18Htype :help.[38;5;238m<Enter>.[m.[38;5;253m.[48;5;234m or .[38;5;238m<F1>.[m.[38;5;253m.[48;5;234m for on-line help.[18;18Htype :help version8.[38;5;238m<Enter>.[m.[38;5;253m.[48;5;234m for version info.[1;5H.[?25h> 2022/06/06 01:59:24.565253 length=6 from=0 to=5
.[2;2R> 2022/06/06 01:59:24.565700 length=10 from=6 to=15
.[>0;10;1c
How can I see on the server side something as close as possible to what the client see? I prefer using socat
because the next step will be to encrypt it with SSL.
I have tried to pipe it to
grep -v "<"
, mess around withicanon
assocat
parameter and doingstty -icanon && socat -v tcp-l...
, usecut -c 1
andsed 's/\(.\).*/\1/'
to extract the first char, but still can't figure a solution.
From Socat version 1.7.4.2 on, there are reasonably working options to get 1:1 copies of the data streams:
-r /path/to/file1 # copy of left-to-right
-R /path/to/file2 # copy of right-to-left
Appearently they did not find their way into the man page, but are shown with socat -h
You still might need to strip the terminal control sequences, or try to pipe the data to less -R or less -r