bash
Trace the command's execution
strace -e trace=network,open,close bash -c 'exec 3<>/dev/tcp/example.org/80'
The key part of the output
socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
connect(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("93.184.215.14")}, 16) = 0
Inspect the file descriptors
ls -lat /proc/self/fd/
lrwx------ 1 user user 64 Aug 25 15:01 0 -> /dev/pts/0
lrwx------ 1 user user 64 Aug 25 15:01 1 -> /dev/pts/1
lrwx------ 1 user user 64 Aug 25 15:01 2 -> /dev/pts/2
lrwx------ 1 user user 64 Aug 25 15:01 3 -> 'socket:[2910856]'
lr-x------ 1 user user 64 Aug 25 15:01 4 -> /proc/1579316/fd
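3 is the file descriptor of the socket connected to example.org.
Here is the key point:
The syntax exec 3<> /dev/tcp/... means: "create a socket for input and output operations and assign it to file descriptor number 3 of the current process." /dev/tcp is not a real device file; bash interprets the path itself, which is why the trace shows socket() and connect() calls instead of an open() on that path.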
Send the HTTP request
echo -ne "GET / HTTP/1.1\r\nHost: example.org\r\n\r\n" >&3
Read the response
cat <&3
HTTP/1.1 200 OK
Age: 243157
Cache-Control: max-age=604800
Content-Type: text/html; charset=UTF-8
Date: Sun, 25 Aug 2024 14:15:54 GMT
Etag: "3147526947+ident"
Expires: Sun, 01 Sep 2024 14:15:54 GMT
Last-Modified: Thu, 17 Oct 2019 07:18:26 GMT
Server: ECAcc (dcd/7D77)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 1256
<!doctype html>
<html>
<head>
<title>Example Domain</title>
...
</head>
<body>
<div>
<h1>Example Domain</h1>
<p>This domain is for use in illustrative examples in documents. You may use this domain in literature without prior coordination or asking for permission.</p>
<p><a href="https://www.iana.org/domains/example">More information...</a></p>
</div>
</body>
</html>
Close the socket
exec 3<&-
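The fd listing above only shows 'socket:[2910856]'. To see where such a descriptor is connected, the inode can be looked up in /proc/net/tcp. This is an added example, not part of the original page; the function names, the local address and the LISTEN row of the sample table are assumptions made up for illustration.

```shell
# Added example, not from the original page: resolve the 'socket:[inode]'
# targets seen in /proc/<pid>/fd to IPv4 TCP endpoints via /proc/net/tcp.
# Decode one HEXIP:HEXPORT field. Assumes a little-endian host, where the
# kernel prints the address byte-swapped (first hex pair = last octet).
decode_endpoint() {
    h=${1%:*}; port=${1#*:}
    o4=${h%??????}; r=${h#??}
    o3=${r%????};   r=${r#??}
    o2=${r%??};     o1=${r#??}
    printf '%d.%d.%d.%d:%d\n' "0x$o1" "0x$o2" "0x$o3" "0x$o4" "0x$port"
}

tcp_state() {
    case $1 in 01) echo ESTABLISHED ;; 06) echo TIME_WAIT ;; 08) echo CLOSE_WAIT ;;
               0A) echo LISTEN ;; *) echo "state=0x$1" ;; esac
}

# Print "fd inode" for every socket in an fd directory ($1 = /proc/<pid>/fd).
socket_fds() {
    for link in "$1"/*; do
        target=$(readlink "$link") || continue
        case $target in
            socket:\[*\]) ino=${target#socket:\[}
                          printf '%s %s\n' "${link##*/}" "${ino%\]}" ;;
        esac
    done
}

# $1 = inode, $2 = table in /proc/net/tcp format ("-" = stdin, default = live).
socket_peer() {
    # Field 10 of a row is the socket inode; fields 2-4 are local, remote, state.
    row=$(awk -v ino="$1" 'NR > 1 && $10 == ino { print $2, $3, $4; exit }' \
          "${2:-/proc/net/tcp}")
    [ -n "$row" ] || return 1
    set -- $row
    printf '%s -> %s %s\n' "$(decode_endpoint "$1")" "$(decode_endpoint "$2")" \
           "$(tcp_state "$3")"
}

# Constructed sample: inode and remote address are the page's, the rest made up.
sample_tcp_table() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20331 1
   1: 0A01A8C0:B26E 0ED7B85D:0050 01 00000000:00000000 00:00000000 00000000  1000        0 2910856 1
EOF
}
sample_tcp_table | socket_peer 2910856 -   # demo on the constructed table
```

On a live Linux host, feed each inode printed by socket_fds /proc/<pid>/fd to socket_peer with no second argument to read the real table. IPv6 sockets are listed in /proc/net/tcp6 and are not handled here.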