
Bash's Hidden /dev/TCP Does HTTP When It Disappears

mareksuppa.com · @systems_wire · 4 hours ago · Developer Tools · 2 comments

A single bash redirection handles GET requests, a number, and connection management; no additional redirection is needed.


I needed to check whether a stripped-down Docker container could reach another service on the same network. No curl, no wget, nothing that opens sockets except the shell itself. Turns out bash has been hiding a TCP client behind /dev/tcp for decades.

How a Stripped Container Forced a Bash Trick

Open a file descriptor with exec 3<>/dev/tcp/service/8642, then write a raw HTTP request with printf. That's it. The shell does the DNS lookup, the TCP connect, and lets you read and write the socket like any other file.

exec 3<>/dev/tcp/service/8642
printf 'GET /health HTTP/1.1\r\nHost: service\r\nConnection: close\r\n\r\n' >&3
cat <&3

That outputs the full response: status line, headers, body. Add an Authorization: Bearer header by dropping one more \r\n-terminated line before the blank line.

The Gotchas That Bite First-Time Users

First gotcha: /dev/tcp isn't a real device. ls /dev/tcp finds nothing. It's a redirection built into bash itself. From the Bash manual: "If host is a valid hostname or Internet address, and port is an integer port number or service name, bash attempts to open the corresponding TCP socket." No collision with real files because no Unix has that path.

Second gotcha: HTTP/1.1 keeps connections alive by default. Without Connection: close, the server holds the socket open after sending the response, and cat <&3 hangs forever waiting for more bytes. timeout 6 bash -c '...' covers your ass either way.

Third gotcha: no TLS. /dev/tcp opens a raw TCP socket. For HTTPS you need openssl s_client, and by then you might as well have proper tools.

When This Works (And When It Doesn't)

This is a bash feature, not POSIX. dash (Debian's /bin/sh) and zsh don't have it, so a #!/bin/sh script can't use it. Call bash explicitly. It is also a compile-time option: bash must be built with --enable-net-redirections. Most modern builds enable it, but Debian shipped it disabled for years. On an old or minimalist system, test first.

For daily work curl is still the right tool. But inside a deliberately small container where you can't install anything, this gets a quick health check done in seconds. Next time you're debugging a minimal image, remember the shell already has a socket waiting.
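Putting the pieces above together, as an added example that is not code from the original post: a health check that builds the request with Connection: close, optionally adds the Bearer header, rejects CR, LF and spaces in every field so caller-supplied values cannot add headers to the raw request, and calls bash explicitly under timeout. The function names and the TCP_TIMEOUT variable are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the original post; function names are hypothetical.
CR=$(printf '\r')
NL='
'

# Reject empty values and any CR, LF or space. A printf-built request has no
# escaping, so a newline inside a field would add headers or a second request.
safe_field() {
  case $1 in ''|*"$CR"*|*"$NL"*|*' '*) return 1 ;; esac
}

# Emit the GET request bytes. Connection: close makes the server end the stream.
http_request() (   # usage: http_request HOST PATH [BEARER_TOKEN]
  auth=
  safe_field "$1" && safe_field "$2" || return 1
  if [ -n "${3:-}" ]; then
    safe_field "$3" || return 1
    auth="Authorization: Bearer $3$CR$NL"
  fi
  printf 'GET %s HTTP/1.1\r\nHost: %s\r\n%sConnection: close\r\n\r\n' \
    "$2" "$1" "$auth"
)

# Read a response on stdin; print the 3-digit status code, or return 1.
http_status() (
  IFS= read -r line || [ -n "$line" ] || return 1
  line=${line%"$CR"}
  case $line in
    HTTP/1.[01]' '[0-9][0-9][0-9] | HTTP/1.[01]' '[0-9][0-9][0-9]' '*) ;;
    *) return 1 ;;
  esac
  code=${line#* }
  printf '%s\n' "${code%"${code#???}"}"
)

# Print the status code for PATH on HOST:PORT; non-zero on any failure.
# bash is invoked by name because sh/dash have no /dev/tcp redirection.
tcp_health() {   # usage: tcp_health HOST PORT PATH [BEARER_TOKEN]
  case $2 in ''|*[!0-9]*) return 1 ;; esac   # port: digits only
  case $1 in */*) return 1 ;; esac           # host must not alter the path
  http_request "$1" "$3" "${4:-}" >/dev/null || return 1
  http_request "$1" "$3" "${4:-}" |
    timeout "${TCP_TIMEOUT:-6}" bash -c \
      'exec 3<>"/dev/tcp/$1/$2" || exit 1; cat >&3; cat <&3' _ "$1" "$2" |
    http_status
}
```

Call it as `tcp_health service 8642 /health`; it prints the status code on success and returns non-zero if the connection, the timeout or the status-line parse fails. The token is only ever passed to the in-shell request builder, not to the child bash's argument list.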


Source: TIL: You can make HTTP requests without curl using Bash /dev/TCP
Domain: mareksuppa.com
