chisel

TCP/UDP tunnel over HTTP secured via SSH

TLDR

Start server

$ chisel server --port [8080]

Start server with authentication

$ chisel server --authfile [users.json]

Connect client with port forward

$ chisel client [server:8080] [local:3000:remote:80]

Reverse tunnel

$ chisel client [server:8080] R:[remote:8001:local:80]

SOCKS5 proxy

$ chisel client [server:8080] socks

Connect via HTTPS

$ chisel client https://[server] [8080:localhost:80]

SYNOPSIS

chisel server [options]
chisel client [options] server remote...

chisel is a fast TCP/UDP tunnel transported over HTTP and secured via SSH. A single executable contains both client and server functionality. It uses WebSockets to multiplex connections, allowing multiple tunnels through a single HTTP connection.
The tool is useful for traversing firewalls, accessing services behind NAT, and creating reverse tunnels. It supports forward and reverse port forwarding as well as SOCKS5 proxy mode. Authentication can be configured with username/password pairs or an authentication file. Written in Go.

SERVER OPTIONS

--port port

Listening port (default: 8080)

--host host

Listening interface

--authfile file

User authentication file

--auth user:pass

Single user authentication

--reverse

Allow reverse tunneling

--keepalive duration

Keepalive interval

--tls-key / --tls-cert

TLS key and certificate

CLIENT OPTIONS

--auth user:pass

Authentication credentials

--fingerprint hash

Server fingerprint for verification

--keepalive duration

Keepalive interval

REMOTE SYNTAX

$ local-host:local-port:remote-host:remote-port/protocol

R: prefix for reverse tunnels

CAVEATS

Useful for bypassing firewalls. WebSocket support varies by PaaS provider. Install: curl https://i.jpillora.com/chisel! | bash