Netcat

If you want secure communication, use cryptcat.

Basically, it works just like telnet:
  $ echo "GET /" | nc www.cs.aau.dk 80

Listen on port 9999:

  $ nc -l -p 9999

From another terminal, write stuff:

  $ nc localhost 9999

netcat Usage Example: Hacking Internet Radio
First, we'll discover how Winamp requests a stream:

  $ nc -l -p 1234 >request     <- listen on port 1234 and dump the incoming data to the 'request' file

Start Winamp, use File->Play URL: [servername]:1234 and wait for it to time out. We now have a request file:

  $ cat request
  GET / HTTP/1.0
  Host: servitor
  User-Agent: WinampMPEG/5.0
  Accept: */*
  Icy-MetaData:1
  Connection: close

We can throw this at an internet radio server to get the data. First we'll need the servername and port. We download an internet radio link:

  $ wget -qO- http://www.bassdrive.com/BassDrive.m3u
  http://us-dc1.streams.bassdrive.com:8024
  http://us-dc1.streams.bassdrive.com:8016
  http://bassdrive.rootthis.com:8000
  http://us-tx1.streams.bassdrive.com:9000

Now, we can tunnel the stream from the radio channel to a local port:

  $ cat request | nc us-dc1.streams.bassdrive.com 8016 | nc -l -p 1234

And play it in Winamp using File->Play URL: [servername]:1234

Just to try it, we can tamper with the signal:

  $ cat request | nc us-dc1.streams.bassdrive.com 8016 | tr s X | nc -l -p 1234
                                                         \____/
                                                           |__ evil filter!

Now, we'll try sucking 30 seconds of the stream using the stored request:

  $ cat request | nc -q 30 us-dc1.streams.bassdrive.com 8016 >bassdrive
                     \___/                                       |
                       |_____________ 30 seconds      output file 'bassdrive'

We can now pretend to be the internet radio server:

  $ cat bassdrive | nc -l -p 1234

And play it in Winamp using File->Play URL: [servername]:1234 (but only for 30 seconds...)

The server responded to the request with this reply:

  $ head -n11 bassdrive
  ICY 200 OK
  icy-notice1:This stream requires Winamp
  icy-notice2:SHOUTcast Distributed Network Audio Server/SolarisSparc v1.9.5
  icy-name:Bassdrive - Music Beyond - 24/7 Drum and Bass Jungle Radio Featuring Live Shows
  icy-genre:Techno Drum and Bass
  icy-url:http://www.bassdrive.com
  content-type:audio/mpeg
  icy-pub:1
  icy-metaint:24576
  icy-br:128

Now, we can make a really crappy shoutcast server by playing a local MP3 file:

  $ (head -n11 bassdrive; cat /path/to/somefile.mp3) | nc -l -p 1234
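
As an added example (not part of the original page), this Python sketch parses a capture like 'bassdrive': it splits off the ICY reply headers shown above and uses icy-metaint to separate the audio from the interleaved metadata blocks that the Icy-MetaData:1 request header asks for. The block framing (one length byte counting 16-byte units, then NUL-padded text) is the usual SHOUTcast convention and is assumed here; the name parse_icy and the SAMPLE bytes are constructed for illustration.

```python
import re

def parse_icy(capture: bytes):
    """Split a raw ICY reply into (status, headers, audio, metadata)."""
    end = re.search(rb"\r?\n\r?\n", capture)      # blank line ends the headers
    lines = capture[:end.start()].decode("latin-1").splitlines() if end else []
    if not lines:
        raise ValueError("no complete ICY header block")
    status, headers = lines[0], {}
    for line in lines[1:]:
        name, _, value = line.partition(":")      # split at the first ':' only
        headers[name.strip().lower()] = value.strip()
    body = capture[end.end():]
    metaint = int(headers.get("icy-metaint", 0))
    if metaint <= 0:
        return status, headers, body, []          # no interleaved metadata
    audio, meta, pos = bytearray(), [], 0
    while pos < len(body):
        audio += body[pos:pos + metaint]          # one chunk of audio
        pos += metaint
        if pos >= len(body):
            break                                 # capture ended in audio
        length = body[pos] * 16                   # assumed: length byte * 16
        block = body[pos + 1:pos + 1 + length]
        if len(block) < length:
            break                                 # truncated metadata block
        pos += 1 + length
        if block:
            meta.append(block.rstrip(b"\0").decode("latin-1"))
    return status, headers, bytes(audio), meta

# Constructed sample (not a real capture): a metaint of 8 keeps it short.
SAMPLE = (b"ICY 200 OK\r\nicy-name:Test\r\nicy-metaint:8\r\n\r\n"
          + b"AsAsAsAs" + b"\x02" + b"StreamTitle='sample';".ljust(32, b"\0")
          + b"BBBBBBBB" + b"\x00" + b"CCCC")

if __name__ == "__main__":
    # Compare the clean capture with one passed through the page's 'tr s X'.
    for label, data in (("clean", SAMPLE),
                        ("after tr s X", SAMPLE.replace(b"s", b"X"))):
        status, headers, audio, meta = parse_icy(data)
        print(label, headers, audio, meta)
```

Under that framing, a plain MP3 sent behind the captured header still advertises icy-metaint:24576, so a client will treat the byte after each 24576 bytes of audio as a metadata length. The filter run also shows that 'tr s X' rewrites headers, metadata and audio alike, since nothing in the stream is authenticated.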