Use Socat for encrypted network traffic and shell

1. #generate keys for server
2. #most questions can be skipped but "Common Name" must be ip or domain of machine
3. openssl genrsa -out server.key 2048
4. openssl req -new -key server.key -x509 -days 3653 -out server.crt
5. cat server.key server.crt > server.pem
6. chmod 600 server.key server.pem
7. #start Server
8. socat OPENSSL-LISTEN:4443,reuseaddr,pf=ip4,fork,cert=server.pem,cafile=client.pem -
9.  
10.  
11. #generate keys for client
12. #most questions can be skipped but "Common Name" must be ip or domain of machine
13. openssl genrsa -out client.key 2048
14. openssl req -new -key client.key -x509 -days 3653 -out client.crt
15. cat client.key client.crt > client.pem
16. chmod 600 client.key client.pem
17. #start Client
18. socat OPENSSL:<serverIP>:4443,verify=0,cert=client.pem,cafile=server.pem -
19.  
20. #note that the 'fork' option on the server keeps it running after disconnect
21. #and allows more than one connection at a time
22.  
23. #get server date and time
24. #Start Server
25. socat OPENSSL-LISTEN:4443,reuseaddr,pf=ip4,fork,cert=server.pem,cafile=client.pem exec:'/bin/date'
26. #start client
27. socat OPENSSL:<serverIP>:4443,verify=0,cert=client.pem,cafile=server.pem -
28.  
29. #set a remote shell
30. #Start Server
31. socat OPENSSL-LISTEN:4443,reuseaddr,pf=ip4,fork,cert=server.pem,cafile=client.pem exec:'/bin/bash'
32. #start Client
33. socat OPENSSL:<serverIP>:4443,verify=0,cert=client.pem,cafile=server.pem -
34.  
35. #get mouse poition
36. #STart Server
37. socat OPENSSL-LISTEN:4443,reuseaddr,pf=ip4,fork,cert=server.pem,cafile=client.pem -|grep 'root:'
38. #Start client
39. xev|socat OPENSSL:<serverIP>:4443,verify=0,cert=client.pem,cafile=server.pem -