Filter stdin of process executed with socat client

macos bash zsh linux socat

My question is: is there a way to pre-process the stdin of a command executed via socat client.

Context: I am launching a reverse shell with socat using this command:

$> socat -T30 "openssl-connect:api.hoposhell.com:10000,verify=0,keepalive" "exec:$SHELL,pty,stderr,setsid"

In order to keep the connection alive, my server sends the ACK ASCII character (0x06) every 10 seconds. However, this has side effects in some applications and some ^F characters appears.

In bash or zsh it is possible to use pipes with sed like below:

$> echo "rick roll" | sed 's/r//g'
ick oll

Is there a way to do something similar with socat? (e.g. use cat between the socket read and the executed command)

Note:

  • this is a follow up to this question Keep alive SSL client connection with socat
  • I would be happy with other ASCII character (other than 0x06) if that allows to circumvent the issue
  • I am using bash and zsh under linux and macos (Big Sur)

Edit: simple equivalent example

Let us say I listen to the reverse shell with (machine 1)

1> socat -d -d TCP4-LISTEN:4242 STDOUT

and connect a reverse shell with (machine 2)

2> socat TCP4:localhost:4242 SYSTEM:/bin/bash,pty,setsid,stderr

I can now use a shell from computer 1 (executed on computer 2) Now I want that everytime I send character 0x06 from 1 to 2, is is ignored.

Now, if I replace by:

2>  socat TCP4:localhost:4243 SYSTEM:"/usr/bin/sed -u 's/a/b/g' | bash -i",pty,setsid,stderr

Now I should get a reverse shell when all the "a" become "b" as below (on machine 1). But I get two issues:

  • when I type "a", the "a" is still shown (twice) as below (I pressed "la" + ENTER)
bash-3.2$ la
la
lb
bash: lb: command not found
bash-3.2$
  • when my server sends some "a" characters they still appear as is
bash-3.2$ aaaaaaaaaa
aaaaaaaaaa
bbbbbbbbbb
bash: bbbbbbbbbb: command not found
bash-3.2$

My objective is to get respectively:

bash-3.2$ lb
bash: lb: command not found
bash-3.2$ bbbbbbbbbb
bash: bbbbbbbbbb: command not found

The post Sed with port forwarding in socat recommends using a command similar to:

socat TCP-LISTEN:8002,fork SYSTEM:/path/to/replace.sh

The file replace.sh should have the execution permission.

An example for changing all a to b:

#!/bin/bash
sed -u 's/a/b/g'

For sed, it is important to use -u (unbuffered).

Related

Is there an equivalent of ~ from Unix systems in Windows cmd.exe?
How can I exclude attachment content when searching in Outlook 2010?
How I can get Dragon NaturallySpeaking to talk into my Linux virtual machine with VMware?
How to give computer URL to access over the internet?
Booting with MBR in UEFI (No CSM mode at all)?
Windows 7 boot from downloaded .iso
How make windows 7 firewall block all traffic
Windows 7 blank DVI screen
How to create bootable DOS USB stick which sees NTFS drives?
IPv6 - Is my device accessible from the internet?
Mac: How to record VoIP phone call (microphone and output simultaneously)?
How to add a "duplicate this folder" in windows file explorer context menu?