• Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Menu
  • Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Search
Close
  • Home
  • 2018
  • September
  • 8
  • Chisel – Fast TCP tunnel over HTTP

Chisel – Fast TCP tunnel over HTTP

September 8, 2018July 27, 2019 Comments Off on Chisel – Fast TCP tunnel over HTTP
chisel crowbar alternatives how to use chisel tcp tunnel over http

Chisel is a fast TCP tunnel, transported over HTTP, secured via SSH.

Single executable including both client and server. Written in Go (Golang). Chisel is mainly useful for passing through firewalls, though it can also be used to provide a secure endpoint into your network. Chisel is very similar to crowbar though achieves much higher performance.

 

 

Features

  • Easy to use
  • Performant*
  • Encrypted connections using the SSH protocol (via crypto/ssh)
  • Authenticated connections; authenticated client connections with a users config file, authenticated server connections with fingerprint matching.
  • Client auto-reconnects with exponential backoff
  • Client can create multiple tunnel endpoints over one TCP connection
  • Client can optionally pass through HTTP CONNECT proxies
  • Server optionally doubles as a reverse proxy
  • Server optionally allows SOCKS5 connections (See guide below)

 

Usage

$ chisel --help

   Usage: chisel [command] [--help]

   Version: X.Y.Z

   Commands:
     server - runs chisel in server mode
     client - runs chisel in client mode

   Read more:
     https://github.com/jpillora/chisel

 

Security

Encryption is always enabled. When you start up a chisel server, it will generate an in-memory ECDSA public/private key pair. The public key fingerprint will be displayed as the server starts. Instead of generating a random key, the server may optionally specify a key seed, using the --key option, which will be used to seed the key generation. When clients connect, they will also display the server’s public key fingerprint. The client can force a particular fingerprint using the --fingerprint option. See the --help above for more information.

 

Authentication

Using the --authfile option, the server may optionally provide a user.json configuration file to create a list of accepted users. The client then authenticates using the --auth option. See users.json for an example authentication configuration file. See the --help above for more information.

 

Known Issues

  • WebSockets support is required
    • IaaS providers all will support WebSockets
      • Unless an unsupporting HTTP proxy has been forced in front of you, in which case I’d argue that you’ve been downgraded to PaaS.
    • PaaS providers vary in their support for WebSockets
      • Heroku has full support
      • Openshift has full support though connections are only accepted on ports 8443 and 8080
      • Google App Engine has no support (Track this on their repo)

 

Fast TCP tunnel over HTTP: chisel Download


Post navigation

Tor Browser 8.0 – Everything you Need to Safely Browse the Internet
Nemesis – A Command Line Network Packet Crafting & Injecting Utility

Related Articles

CRLFsuite: Fast CRLF injection scanning tool

CRLFsuite: Fast CRLF injection scanning tool

- Hack Tools
May 26, 2022
offensive azure: Collection of offensive tools targeting Microsoft Azure

offensive azure: Collection of offensive tools targeting Microsoft Azure

- Hack Tools
May 26, 2022
Frida-Ios-Hook - A Tool That Helps You Easy Trace Classes, Functions, And Modify The Return Values Of Methods On iOS Platform

Frida-Ios-Hook – A Tool That Helps You Easy Trace Classes, Functions, And Modify The Return Values Of Methods On iOS Platform

- Hack Tools
May 26, 2022
hacker gadgets
hacker phone covers

Recent Posts

CRLFsuite: Fast CRLF injection scanning tool

CRLFsuite: Fast CRLF injection scanning tool

May 26, 2022
offensive azure: Collection of offensive tools targeting Microsoft Azure

offensive azure: Collection of offensive tools targeting Microsoft Azure

May 26, 2022
Frida-Ios-Hook - A Tool That Helps You Easy Trace Classes, Functions, And Modify The Return Values Of Methods On iOS Platform

Frida-Ios-Hook – A Tool That Helps You Easy Trace Classes, Functions, And Modify The Return Values Of Methods On iOS Platform

May 26, 2022
PSA: Serious Security Vulnerability in Tor Browser

PSA: Serious Security Vulnerability in Tor Browser

May 25, 2022
DroidDetective - A Machine Learning Malware Analysis Framework For Android Apps

DroidDetective – A Machine Learning Malware Analysis Framework For Android Apps

May 25, 2022
Jeeves: looking to Time-Based Blind SQLInjection through recon

Jeeves: looking to Time-Based Blind SQLInjection through recon

May 25, 2022

Social Media Hacking

SocialPath – Track users across Social Media Platforms

SocialPath – Track users across Social Media Platforms

- Social Media Hacking
October 16, 2019October 16, 2019

SocialPath is a django application for gathering social media intelligence on specific username. It checks for Twitter, Instagram, Facebook, Reddit...

SocialScan – Check Email Address and Username Availability on Online Platforms

SocialScan – Check Email Address and Username Availability on Online Platforms

June 17, 2019
Shellphish – Phishing Tool For 18 Social Media Apps

Shellphish – Phishing Tool For 18 Social Media Apps

June 10, 2019July 27, 2019
WhatsApp Hacking using QRLJacking

WhatsApp Hacking using QRLJacking

May 2, 2019May 19, 2019
How to Hack any Facebook Account with Z-Shadow

How to Hack any Facebook Account with Z-Shadow

April 26, 2019June 29, 2020
hacker buffs
ABOUT US

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Our primary focus revolves around the latest tools released in the Infosec community and provide a platform for developers to showcase their skillset and current projects.

COMPANY
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Menu
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Live Chat
RESOURCES
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Menu
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Get Started
TOOLBOX
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Menu
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Tools Directory

2014 – 2020 | Haxf4rall.com               Stay Connected:

Facebook Twitter Google-plus Wordpress
Please wait...

Join Our Community

Subscribe now and get your free HACKERS HANDBOOK

Don't Worry ! You will not be spammed
SIGN UP FOR NEWSLETTER NOW