by bitmasher9 1 day ago
Why wouldn’t you use curl for the quick test?
3 comments

Sometimes you want to do something that curl cannot express, e.g. timing, protocol oddities, etc. For example you may want to issue a CONNECT to an echo server through a proxy and observe the bytes flowing back and forth. You may want to see what happens when conflicting hop-by-hop headers are specified without worrying about the client's (curl's) interpretation of them. A simple nc -c (or openssl s_client -crlf) lets you do all of that.
For what it's worth, curl can do very detailed timing [1], and it can also do this using a proxy:

    export http_proxy=http://your.proxy.server:port/
    export HTTPS_PROXY=https://your.proxy.server:port/
    curl -x http://proxy_server:proxy_port --proxy-user username:password
    or  $socks-wrapper curl # [2]
[1] - https://dev.to/gbhorwood/curl-getting-performance-data-with-...

[2] - torsocks, tsocks, wireproxy, shadowsocks-rust, proxychains-ng, etc...

what I meant was a proxy that implements HTTP/1.1 CONNECT

and a server behind it like

    mkfifo /tmp/myfifo
    cat /tmp/myfifo | nc -l 12345 > /tmp/myfifo

so if you manually type out

  CONNECT host:12345 HTTP/1.1
  host: host:12345

you can see exactly what's happening. To be fair you can hack curl to support that via

  curl -x proxy:3333 telnet://host:12345
but that's not exactly what you want and requires curl to have been compiled with telnet support.
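The exchange described above, as an added example that is not part of the thread: a toy HTTP/1.1 CONNECT proxy and an echo server, both on loopback with OS-assigned ports, and a client that types the CONNECT by hand the way you would into nc and collects what comes back. Everything here (the proxy, the echo server standing in for the fifo/nc trick, the 127.0.0.1 addresses) is constructed for illustration and is not the setup from the comment.

```python
import socket
import threading

# Added example (not code from the thread): a toy HTTP/1.1 CONNECT proxy and an
# echo server on loopback, plus a client that types the CONNECT by hand and
# returns what it saw. Ports are OS-assigned, so nothing here needs a real proxy.


def _listen():
    s = socket.socket()
    s.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    s.listen(1)
    return s


def _read_until(sock, marker):
    buf = b""
    while marker not in buf:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("peer closed before %r" % marker)
        buf += chunk
    return buf


def serve_echo(listener):
    """Stands in for the thread's 'cat fifo | nc -l 12345 > fifo': echo one client."""
    conn, _ = listener.accept()
    with conn:
        while True:
            chunk = conn.recv(4096)
            if not chunk:
                break
            conn.sendall(chunk)


def _pump(src, dst):
    """Copy src -> dst until EOF, then half-close dst so the other side sees EOF too."""
    try:
        while True:
            buf = src.recv(4096)
            if not buf:
                break
            dst.sendall(buf)
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def serve_connect_proxy(listener):
    """Accept one client, honour a single CONNECT, then relay bytes blindly both ways."""
    client, _ = listener.accept()
    with client:
        head, _, leftover = _read_until(client, b"\r\n\r\n").partition(b"\r\n\r\n")
        method, target, _version = head.split(b"\r\n", 1)[0].decode("ascii").split(" ")
        if method != "CONNECT":
            client.sendall(b"HTTP/1.1 405 Method Not Allowed\r\nContent-Length: 0\r\n\r\n")
            return
        host, port = target.rsplit(":", 1)
        with socket.create_connection((host, int(port))) as upstream:
            # A 2xx reply to CONNECT means "tunnel is up"; after this the proxy is a
            # dumb pipe and never parses HTTP again, which is why header oddities
            # become visible in the raw bytes rather than being fixed up.
            client.sendall(b"HTTP/1.1 200 Connection Established\r\n\r\n")
            if leftover:  # anything the client sent early already belongs to the tunnel
                upstream.sendall(leftover)
            back = threading.Thread(target=_pump, args=(upstream, client), daemon=True)
            back.start()
            _pump(client, upstream)
            back.join()


def run_demo(payload=b"hello through the tunnel\r\n"):
    """Drive the whole exchange; returns (proxy status line, bytes echoed back)."""
    echo_l, proxy_l = _listen(), _listen()
    echo_port, proxy_port = echo_l.getsockname()[1], proxy_l.getsockname()[1]
    threading.Thread(target=serve_echo, args=(echo_l,), daemon=True).start()
    proxy_t = threading.Thread(target=serve_connect_proxy, args=(proxy_l,), daemon=True)
    proxy_t.start()
    with socket.create_connection(("127.0.0.1", proxy_port)) as c:
        # exactly what you would type into nc: request line, Host header, blank line
        c.sendall(
            f"CONNECT 127.0.0.1:{echo_port} HTTP/1.1\r\n"
            f"Host: 127.0.0.1:{echo_port}\r\n\r\n".encode("ascii")
        )
        status_line = _read_until(c, b"\r\n\r\n").split(b"\r\n", 1)[0].decode("ascii")
        c.sendall(payload)
        echoed = b""
        while len(echoed) < len(payload):
            chunk = c.recv(4096)
            if not chunk:
                break
            echoed += chunk
    proxy_t.join(timeout=5)
    echo_l.close()
    proxy_l.close()
    return status_line, echoed


if __name__ == "__main__":
    print(run_demo())
```

The one detail worth checking against a real proxy is the blank line that ends the CONNECT request: without it the proxy keeps waiting for more headers and you see nothing, which is the usual reason a hand-typed CONNECT appears to hang.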
Ah, I see what you mean. Aside from putting the proxy into debug logging, one would have to use curl -vvv to get similar details, but I suppose whatever works best with muscle memory is the right choice, and one may not always have access to put the proxy into debug logging.

I need to try this with a Squid SSL Bump MitM proxy, just don't have one up at the moment.

    curl -vvv -A Mozilla -H "Accept-Language: en_us" -H "Sec-Fetch-Mode: navigate" --url 'https://nochan.net/.env'
Because in those days there was no curl or wget, and when there was, there was no guarantee they'd be installed.

telnet was always there though. It also worked for speaking all the other plaintext internet protocols (IMAP, POP, SMTP, etc.).

Note: Telnet is not completely plaintext and has control characters in the upper byte range (like 0xff or something, I forget).

Use nc or this TCP Bash technique if you really want to ensure decent compatibility when doing hacky solutions; otherwise a random 0xFF somewhere from a terminal console color change (or other control character) might really screw you over.

EDIT: or, ya know, use the correct tool like curl.
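On the 0xFF point above: Telnet's command escape byte, IAC, is 0xFF (RFC 854), so a literal 0xFF in application data has to be sent doubled (IAC IAC), and a telnet peer that receives an undoubled 0xFF treats it and the byte after it as a command. The following is an added example, not code from the thread, with a small telnet decoder and the escape routine; the JPEG header bytes and the login prompt are constructed samples.

```python
# Added example (not from the thread): the Telnet "IAC" byte (0xFF, RFC 854)
# and what it does to binary data sent through a telnet client. Sample inputs
# are constructed here.

IAC, SE, SB = 0xFF, 0xF0, 0xFA
WILL, WONT, DO, DONT = 0xFB, 0xFC, 0xFD, 0xFE
NAMES = {WILL: "WILL", WONT: "WONT", DO: "DO", DONT: "DONT"}

# Constructed sample: the first bytes of a JPEG (SOI + APP0 marker); 0xFF is common in binary.
JPEG_HEAD = b"\xff\xd8\xff\xe0\x00\x10JFIF"


def telnet_escape(data: bytes) -> bytes:
    """A literal 0xFF must be sent as IAC IAC; this is what a correct telnet client does
    (and what nc, bash /dev/tcp and curl never need to do, since they are raw TCP)."""
    return data.replace(b"\xff", b"\xff\xff")


def telnet_decode(stream: bytes):
    """Parse a raw telnet stream into (application bytes, negotiation records),
    the way a telnet peer interprets it."""
    app = bytearray()
    negotiations = []
    i, n = 0, len(stream)
    while i < n:
        b = stream[i]
        if b != IAC:
            app.append(b)
            i += 1
            continue
        if i + 1 >= n:
            raise ValueError("truncated IAC at end of stream")
        cmd = stream[i + 1]
        if cmd == IAC:                       # IAC IAC -> one literal 0xFF
            app.append(0xFF)
            i += 2
        elif cmd in (WILL, WONT, DO, DONT):  # three-byte option negotiation
            if i + 2 >= n:
                raise ValueError("truncated option negotiation")
            negotiations.append((NAMES[cmd], stream[i + 2]))
            i += 3
        elif cmd == SB:                      # subnegotiation runs up to IAC SE
            end = stream.find(bytes([IAC, SE]), i + 2)
            if end == -1:
                raise ValueError("unterminated subnegotiation")
            negotiations.append(("SB", stream[i + 2:end]))
            i = end + 2
        else:                                # any other two-byte command (NOP, AYT, ...)
            negotiations.append(("CMD", cmd))
            i += 2
    return bytes(app), negotiations


if __name__ == "__main__":
    print(telnet_decode(JPEG_HEAD))                 # raw: two bytes swallowed as commands
    print(telnet_decode(telnet_escape(JPEG_HEAD)))  # escaped: survives intact
```

Run on the raw JPEG header, the decoder swallows the two 0xFF bytes and the bytes after them as commands, which is exactly the corruption the comment warns about; the same data after telnet_escape comes through unchanged. Terminal colour sequences start with ESC (0x1B), which is below 0x80 and passes through untouched, so it is specifically 0xFF in the data that bites.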

I used telnet to send mail via SMTP once, it's quite literally a good social protocol because it begins with a polite 'HELO'.
Is it the reply to ‘HELO’ that enables things like tarpits?

Like if my server replied with ‘HI PLEASURE TO MEET YOU 127.0.0.1 THAT NAME SOUNDS FAMILIAR ARE YOU BY CHANCE FROM BOSTON MY MOTHER IS FROM BOSTON WELL QUINCY ACTUALLY BUT DO YOU KNOW 127.0.1.1 THEY ARE A REALLY GOOD FRIEND OF MINE YOU SHOULD MEET I HEAR THEIR DAUGHTER IS A DOCTOR DONTYAKNOW AND YOU COULD…”

etc, etc?

For SMTP tarpits you can do all kinds of fun stuff. Not just in the reply to helo. Like: always be slow to respond. Respond to each command with a temporary error. Accept everything, then pause, then error. Send back large chunks of garbage.
The '90s version of finding the hiring manager or boss on LinkedIn to try and get a job was connecting to the company's public SMTP server with telnet, using their name to probe different email address patterns with "rcpt to:" (in those days the actual servers were often directly connected to the internet and would leak email address validity in how they responded to "rcpt to"), and then sending them a nice email.

smtp grew up to be an antisocial curmudgeon. extended smtp starts with EHLO.
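For the tarpit behaviours listed a couple of comments up and the "rcpt to:" validity probing described just above, an added example that is not from the thread: a toy SMTP responder in Python on loopback that either leaks mailbox validity the old way (250 for a known user, 550 for an unknown one) or behaves as a tarpit (a delay before every reply and a 4xx temporary error on every RCPT), and a probe that runs the EHLO / MAIL FROM / RCPT TO sequence against it. The host names and the two-entry mailbox directory are constructed.

```python
import socket
import threading
import time

# Added example (not from the thread): a toy SMTP responder on loopback with two
# policies, and a RCPT TO probe against it. The mailbox list and host names are
# constructed; no real mail server is involved.

VALID_MAILBOXES = {"alice@example.test", "bob@example.test"}  # constructed directory


def _listen():
    s = socket.socket()
    s.bind(("127.0.0.1", 0))  # OS-assigned port
    s.listen(1)
    return s


def smtp_server(listener, policy, delay=0.0):
    """policy='leaky': answer RCPT honestly (250 known / 550 unknown), the old behaviour.
    policy='tarpit': sleep before every reply and answer RCPT with a 4xx temporary error,
    so an enumerator learns nothing and pays the delay for every command."""
    conn, _ = listener.accept()
    with conn, conn.makefile("rb") as rf:
        def reply(line):
            time.sleep(delay)
            conn.sendall(line + b"\r\n")

        reply(b"220 mx.example.test ESMTP")
        for raw in rf:
            verb, _, arg = raw.strip().decode("ascii", "replace").partition(" ")
            verb = verb.upper()
            if verb in ("HELO", "EHLO"):
                reply(b"250 mx.example.test")
            elif verb == "MAIL":
                reply(b"250 OK")
            elif verb == "RCPT":
                addr = arg.partition(":")[2].strip().strip("<>").lower()
                if policy == "tarpit":
                    reply(b"451 4.7.1 Try again later")
                elif addr in VALID_MAILBOXES:
                    reply(b"250 OK")
                else:
                    reply(b"550 5.1.1 No such user")
            elif verb == "QUIT":
                reply(b"221 Bye")
                return
            else:
                reply(b"502 Command not implemented")


def probe_mailboxes(port, candidates, timeout=10.0):
    """EHLO, MAIL FROM, then one RCPT TO per candidate; returns ({addr: code}, seconds)."""
    start = time.monotonic()
    results = {}
    with socket.create_connection(("127.0.0.1", port), timeout=timeout) as s, s.makefile("rb") as rf:
        def cmd(line):
            s.sendall(line + b"\r\n")
            return rf.readline()[:3].decode("ascii")  # the SMTP reply code is the first 3 chars

        rf.readline()  # 220 banner
        cmd(b"EHLO probe.example.test")
        cmd(b"MAIL FROM:<probe@example.test>")
        for addr in candidates:
            results[addr] = cmd(b"RCPT TO:<" + addr.encode("ascii") + b">")
        cmd(b"QUIT")
    return results, time.monotonic() - start


def run_demo(policy, delay=0.0, candidates=("alice@example.test", "zed@example.test")):
    """Start one toy server with the given policy and probe it once."""
    listener = _listen()
    t = threading.Thread(target=smtp_server, args=(listener, policy, delay), daemon=True)
    t.start()
    out = probe_mailboxes(listener.getsockname()[1], list(candidates))
    t.join(timeout=10)
    listener.close()
    return out


if __name__ == "__main__":
    print("leaky :", run_demo("leaky"))
    print("tarpit:", run_demo("tarpit", delay=0.2))
```

Against the leaky policy the probe comes back with 250 for the real mailbox and 550 for the guessed one, which is the oracle the comment describes; against the tarpit every RCPT gets the same 451 and the session takes the per-reply delay times six (banner, EHLO, MAIL, two RCPTs, QUIT), so the difference between real and fake addresses is gone and the probe is slow to boot.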

> smtp grew up to be an antisocial curmudgeon. extended smtp starts with EHLO.

email will become so unusable, the next one will have to be HELNO I guess

> smtp grew up to be an antisocial curmudgeon. extended smtp starts with EHLO.

"EHLO" still sounds friendly. It just sounds like a different accent or something. Know someone that used to answer calls with a friendly "Jello?".

Eventually Microsoft will debut Microsoft Extended SMTP which will greet with MEHLO
yeah, i think you're right. i originally read a bit of snarky blow-off, like "eh?" ... but you know, now that i think of it, it actually does have more of a friendly canadian style vibe.
In the days of ultra thin containers, there's still no guarantee curl or wget will be installed, either.
Because curl is not installed in minimal docker images.
Sometimes I don't understand why people use those most tiny of images, at least for anything that they might ever ssh into.

When there is no corresponding level of restraint in the libraries that we add to most applications, does it really make a difference to leave out the likes of curl, nano, ping, etc compared to how frustrating it is to operate in just busybox (etc)?

I'm not just ranting, I'd actually like someone who swears by always shipping alpine images (etc) and never installing any basic utilities in them to share their reasoning.

Less installed things means smaller security surface area, fewer things to patch when CVEs get discovered etc.

Thanks to `kubectl debug`, you don't need to install debugging utilities into your production image.

neither is bash or even sh for that matter :) if you have bash, you probably have apk or apt
Sometimes I work in an environment that blocks all internet access, but I still need some way to test internal connectivity.