How to make an HTTP GET request manually with netcat?

This works for me:

$ nc www.rssweather.com 80
GET /wx/in/kanpur/wx.php HTTP/1.0
Host: www.rssweather.com

And then hit double <enter>, i.e. once for the remote http server and once for the nc command.

source: pentesterlabs

Of course you could dig in standards searched for google, but actually if you want to get only a single URL, it isn't​‎​‎ worth the effort.

You could also start a netcat in listening mode on a port:

nc -l 64738

_{(Sometimes nc -l -p 64738 is the correct argument list)}

...and then do a browser request into this port with a real browser. Just type in your browser http://localhost:64738 and see.

In your actual case the problem is that HTTP/1.1 doesn't close the connection automatically, but it waits your next URL you want to retrieve. The solution is simple:

Use HTTP/1.0:

GET /this/url/you/want/to/get HTTP/1.0
Host: www.rssweather.com
<empty line>

or use a Connection: request header to say the server you want to close after that:

GET /this/url/you/want/to/get HTTP/1.1
Host: www.rssweather.com
Connection: close
<empty line>

Extension: After the GET header write only the path part of the request. The hostname from which you want to get data belongs to a Host: header as you can see in my examples. This is because multiple websites can run on the same webserver, so the browsers need to say him, from which site it wants to load the page.

On MacOS, you need the -c flag as follows:

Little-Net:~ minfrin$ nc -c rssweather.com 80
GET /wx/in/kanpur/wx.php HTTP/1.1
Host: rssweather.com
Connection: close
[empty line]

The response then appears as follows:

HTTP/1.1 200 OK
Date: Thu, 23 Aug 2018 13:20:49 GMT
Server: Apache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html

The -c flag is described as "Send CRLF as line-ending".

To be HTTP/1.1 compliant, you need the Host header, as well as the "Connection: close" if you want to disable keepalive.

You don't even need to use/install netcat

• Create a tcp socket via an unused file-descriptor i.e I use 88 here
• Write the request into it

• use the fd

  exec 88<>/dev/tcp/rssweather.com/80
  echo -e "GET /dir/Asia/India HTTP/1.1\nhost: www.rssweather.com\nConnection: close\n\n" >&88
  sed 's/<[^>]*>/ /g' <&88