chisel: A fast TCP tunnel over HTTP

by ddos · December 20, 2024

chisel

Chisel is a fast TCP tunnel, transported over HTTP, secured via SSH. Single executable including both client and server. Written in Go (golang). It is mainly useful for passing through firewalls, though it can also be used to provide a secure endpoint into your network. Chisel is very similar to crowbar though achieves much higher performance.

Features

Easy to use
Performant*
Encrypted connections using the SSH protocol (via crypto/ssh)
Authenticated connections; authenticated client connections with a users config file, authenticated server connections with fingerprint matching.
Client auto-reconnects with exponential backoff
Client can create multiple tunnel endpoints over one TCP connection
Client can optionally pass through HTTP CONNECT proxies
Server optionally doubles as a reverse proxy
Server optionally allows SOCKS5 connections (See guide below)
Reverse port forwarding (Connections go through the server and out the client)

Download

Use

[pastacode lang=”markup” message=”” highlight=”” provider=”manual” manual=”%24%20chisel%20server%20–help%0A%0A%20%20Usage%3A%20chisel%20server%20%5Boptions%5D%0A%0A%20%20Options%3A%0A%0A%20%20%20%20–host%2C%20Defines%20the%20HTTP%20listening%20host%20%E2%80%93%20the%20network%20interface%0A%20%20%20%20(defaults%20the%20environment%20variable%20HOST%20and%20falls%20back%20to%200.0.0.0).%0A%0A%20%20%20%20–port%2C%20-p%2C%20Defines%20the%20HTTP%20listening%20port%20(defaults%20to%20the%20environment%0A%20%20%20%20variable%20PORT%20and%20fallsback%20to%20port%208080).%0A%0A%20%20%20%20–key%2C%20An%20optional%20string%20to%20seed%20the%20generation%20of%20a%20ECDSA%20public%0A%20%20%20%20and%20private%20key%20pair.%20All%20commications%20will%20be%20secured%20using%20this%0A%20%20%20%20key%20pair.%20Share%20the%20subsequent%20fingerprint%20with%20clients%20to%20enable%20detection%0A%20%20%20%20of%20man-in-the-middle%20attacks%20(defaults%20to%20the%20CHISEL_KEY%20environment%0A%20%20%20%20variable%2C%20otherwise%20a%20new%20key%20is%20generate%20each%20run).%0A%0A%20%20%20%20–authfile%2C%20An%20optional%20path%20to%20a%20users.json%20file.%20This%20file%20should%0A%20%20%20%20be%20an%20object%20with%20users%20defined%20like%3A%0A%20%20%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%22%3Cuser%3Apass%3E%22%3A%20%5B%22%3Caddr-regex%3E%22%2C%22%3Caddr-regex%3E%22%5D%0A%20%20%20%20%20%20%7D%0A%20%20%20%20when%20%3Cuser%3E%20connects%2C%20their%20%3Cpass%3E%20will%20be%20verified%20and%20then%0A%20%20%20%20each%20of%20the%20remote%20addresses%20will%20be%20compared%20against%20the%20list%0A%20%20%20%20of%20address%20regular%20expressions%20for%20a%20match.%20Addresses%20will%0A%20%20%20%20always%20come%20in%20the%20form%20%22%3Chost%2Fip%3E%3A%3Cport%3E%22.%0A%0A%20%20%20%20–auth%2C%20An%20optional%20string%20representing%20a%20single%20user%20with%20full%0A%20%20%20%20access%2C%20in%20the%20form%20of%20%3Cuser%3Apass%3E.%20This%20is%20equivalent%20to%20creating%20an%0A%20%20%20%20authfile%20with%20%7B%22%3Cuser%3Apass%3E%22%3A%20%5B%22%22%5D%7D.%0A%0A%20%20%20%20–proxy%2C%20Specifies%20another%20HTTP%20server%20to%20proxy%20requests%20to%20when%0A%20%20%20%20chisel%20receives%20a%20normal%20HTTP%20request.%20Useful%20for%20hiding%20chisel%20in%0A%20%20%20%20plain%20sight.%0A%0A%20%20%20%20–socks5%2C%20Allows%20client%20to%20access%20the%20internal%20SOCKS5%20proxy.%20See%0A%20%20%20%20chisel%20client%20–help%20for%20more%20information.%0A%0A%20%20%20%20–pid%20Generate%20pid%20file%20in%20current%20directory%0A%0A%20%20%20%20-v%2C%20Enable%20verbose%20logging%0A%0A%20%20%20%20–help%2C%20This%20help%20text%0A%0A%20%20Version%3A%0A%20%20%20%20X.Y.Z%0A%0A%20%20Read%20more%3A%0A%20%20%20%20https%3A%2F%2Fgithub.com%2Fjpillora%2Fchisel”/]

[pastacode lang=”markup” message=”” highlight=”” provider=”manual” manual=”%24%20chisel%20client%20–help%0A%0A%20%20Usage%3A%20chisel%20client%20%5Boptions%5D%20%3Cserver%3E%20%3Cremote%3E%20%5Bremote%5D%20%5Bremote%5D%20…%0A%0A%20%20%3Cserver%3E%20is%20the%20URL%20to%20the%20chisel%20server.%0A%0A%20%20%3Cremote%3Es%20are%20remote%20connections%20tunnelled%20through%20the%20server%2C%20each%20of%0A%20%20which%20come%20in%20the%20form%3A%0A%0A%20%20%20%20%3Clocal-host%3E%3A%3Clocal-port%3E%3A%3Cremote-host%3E%3A%3Cremote-port%3E%0A%0A%20%20%20%20%E2%96%A0%20local-host%20defaults%20to%200.0.0.0%20(all%20interfaces).%0A%20%20%20%20%E2%96%A0%20local-port%20defaults%20to%20remote-port.%0A%20%20%20%20%E2%96%A0%20remote-port%20is%20required*.%0A%20%20%20%20%E2%96%A0%20remote-host%20defaults%20to%200.0.0.0%20(server%20localhost).%0A%0A%20%20%20%20example%20remotes%0A%0A%20%20%20%20%20%203000%0A%20%20%20%20%20%20example.com%3A3000%0A%20%20%20%20%20%203000%3Agoogle.com%3A80%0A%20%20%20%20%20%20192.168.0.5%3A3000%3Agoogle.com%3A80%0A%20%20%20%20%20%20socks%0A%20%20%20%20%20%205000%3Asocks%0A%0A%20%20%20%20*When%20the%20chisel%20server%20has%20–socks5%20enabled%2C%20remotes%20can%0A%20%20%20%20specify%20%22socks%22%20in%20place%20of%20remote-host%20and%20remote-port.%0A%20%20%20%20The%20default%20local%20host%20and%20port%20for%20a%20%22socks%22%20remote%20is%0A%20%20%20%20127.0.0.1%3A1080.%20Connections%20to%20this%20remote%20will%20terminate%0A%20%20%20%20at%20the%20server’s%20internal%20SOCKS5%20proxy.%0A%0A%20%20Options%3A%0A%0A%20%20%20%20–fingerprint%2C%20A%20*strongly%20recommended*%20fingerprint%20string%0A%20%20%20%20to%20perform%20host-key%20validation%20against%20the%20server’s%20public%20key.%0A%20%20%20%20You%20may%20provide%20just%20a%20prefix%20of%20the%20key%20or%20the%20entire%20string.%0A%20%20%20%20Fingerprint%20mismatches%20will%20close%20the%20connection.%0A%0A%20%20%20%20–auth%2C%20An%20optional%20username%20and%20password%20(client%20authentication)%0A%20%20%20%20in%20the%20form%3A%20%22%3Cuser%3E%3A%3Cpass%3E%22.%20These%20credentials%20are%20compared%20to%0A%20%20%20%20the%20credentials%20inside%20the%20server’s%20–authfile.%20defaults%20to%20the%0A%20%20%20%20AUTH%20environment%20variable.%0A%0A%20%20%20%20–keepalive%2C%20An%20optional%20keepalive%20interval.%20Since%20the%20underlying%0A%20%20%20%20transport%20is%20HTTP%2C%20in%20many%20instances%20we’ll%20be%20traversing%20through%0A%20%20%20%20proxies%2C%20often%20these%20proxies%20will%20close%20idle%20connections.%20You%20must%0A%20%20%20%20specify%20a%20time%20with%20a%20unit%2C%20for%20example%20’30s’%20or%20’2m’.%20Defaults%0A%20%20%20%20to%20’0s’%20(disabled).%0A%0A%20%20%20%20–proxy%2C%20An%20optional%20HTTP%20CONNECT%20proxy%20which%20will%20be%20used%20reach%0A%20%20%20%20the%20chisel%20server.%20Authentication%20can%20be%20specified%20inside%20the%20URL.%0A%20%20%20%20For%20example%2C%20http%3A%2F%2Fadmin%3Apassword%40my-server.com%3A8081%0A%0A%20%20%20%20–pid%20Generate%20pid%20file%20in%20current%20directory%0A%0A%20%20%20%20-v%2C%20Enable%20verbose%20logging%0A%0A%20%20%20%20–help%2C%20This%20help%20text%0A%0A%20%20Version%3A%0A%20%20%20%20X.Y.Z%0A%0A%20%20Read%20more%3A%0A%20%20%20%20https%3A%2F%2Fgithub.com%2Fjpillora%2Fchisel”/]

More…

Source: https://github.com/jpillora/

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal