LinuxCommandLibrary

chisel

TCP/UDP port forwarding over SSH

TLDR

Run a Chisel server

$ chisel server
copy

Run a Chisel server listening to a specific port
$ chisel server -p [server_port]
copy

Run a chisel server that accepts authenticated connections using username and password
$ chisel server --auth [username]:[password]
copy

Connect to a Chisel server and tunnel a specific port to a remote server and port
$ chisel client [server_ip]:[server_port] [local_port]:[remote_server]:[remote_port]
copy

Connect to a Chisel server and tunnel a specific host and port to a remote server and port
$ chisel client [server_ip]:[server_port] [local_host]:[local_port]:[remote_server]:[remote_port]
copy

Connect to a Chisel server using username and password authentication
$ chisel client --auth [username]:[password] [server_ip]:[server_port] [local_port]:[remote_server]:[remote_port]
copy

Initialize a Chisel server in reverse mode on a specific port, also enabling SOCKS5 proxy (on port 1080) functionality
$ chisel server -p [server_port] --reverse --socks5
copy

Connect to a Chisel server at specific IP and port, creating a reverse tunnel mapped to a local SOCKS proxy
$ chisel client [server_ip]:[server_port] R:socks
copy

SYNOPSIS

chisel server --port {port} [options]
chisel client {server_address}:{server_port} {tunnel_definition} [options]

PARAMETERS

server --port {port}
    Starts the chisel server listening on the specified port. The server acts as the entry point for client connections.

client {server_address}:{server_port} {tunnel_definition}
    Connects to the chisel server at the specified address and port, and establishes the specified tunnels.

{tunnel_definition}
    Specifies the tunnel configuration. This typically involves defining local and remote endpoints for port forwarding. Example: `R:8080:127.0.0.1:80` (Remote forward: Server listen on port 8080, and forwards to 127.0.0.1:80 from clients perspective)

--reverse
    Run in reverse mode (only available for the client) for more complex setups.

--auth {user:password}
    Enable basic authentication for the server. Requires clients to provide valid credentials to connect.

--keepalive {duration}
    Sets the keepalive interval in seconds. Defaults to 25s, set to 0 to disable keepalive

--max-retry-count {number}
    Sets the maximum number of retry attempts to connect to the server before giving up. Defaults to 3.

--proxy {proxy_address}
    Use an HTTP proxy to connect to the server. Supported schemes are http, https and socks5.

--verbose
    Enable verbose logging output.

DESCRIPTION

chisel is a fast TCP/UDP tunnel over HTTP. It is primarily used for forwarding ports and creating secure tunnels through restrictive firewalls. Chisel operates as a client-server application, with the server typically running on a publicly accessible machine and the client running behind the firewall.

It establishes a persistent connection, allowing for reliable and efficient tunneling of traffic. Unlike simple SSH port forwarding, chisel offers more flexibility in terms of dynamic port assignments and multiple concurrent tunnels. It is commonly used for penetration testing, bypassing network restrictions, and accessing internal services from external networks. Chisel is written in Go, making it portable and easy to deploy on various platforms.

CAVEATS

Chisel relies on a stable network connection. Intermittent connectivity can disrupt tunnels. Authentication should be used to secure chisel servers from unauthorized access.

TUNNEL DEFINITIONS

chisel uses tunnel definitions to specify the direction and endpoints of traffic flow.
Local Forwarding: L:[bind_address:]bind_port:host:host_port
Remote Forwarding: R:[bind_address:]bind_port:host:host_port
Dynamic Forwarding: D:[bind_address:]bind_port

REVERSE CHISEL

Reverse chisel provides ability to bypass firewall that blocks incoming connections. This is achived by using single tunnel with multiple sessions. This mode activated with --reverse flag during server configuration. The reverse port mappings are available via client connect.

SEE ALSO

ssh(1), socat(1), ncat(1)

Copied to clipboard