How to use the command 'chisel' (with examples)
Chisel is a fast TCP/UDP tunnel, transported over HTTP and secured via SSH. This versatile tool is perfect for creating secure tunnels and proxies over the internet. It is highly useful for network administrators and developers who need to create tunnels and secure connections over HTTP. Chisel’s ability to act as both a client and a server in the same executable allows for great flexibility in various networking tasks, such as bypassing restrictions, accessing internal networks, and setting up secure communication channels.
Use case 1: Running a Chisel server
Code:
chisel server
Motivation:
Running a Chisel server enables you to accept incoming connections that can be tunneled to a remote location. This forms the backbone of setting up secure communication channels for remote access solutions or for forwarding data through less secure networks.
Explanation:
chisel server: This command starts a Chisel server that listens for incoming client connections. By default, it listens on port 8080.
Example Output:
When the server is running, you might see:
2023/10/10 12:34:56 server: Listening on 0.0.0.0:8080...
Use case 2: Running a Chisel server on a specific port
Code:
chisel server -p 3000
Motivation:
Specifying a port allows the server to listen on a particular port that you can advertise to clients. This is particularly useful when you need to adhere to network regulations that only allow certain ports or when you aim to avoid conflicts with other applications.
Explanation:
chisel server: Initiates the Chisel server.
-p 3000: Use this flag to set the server to listen on port 3000 instead of the default 8080.
Example Output:
2023/10/10 12:35:10 server: Listening on 0.0.0.0:3000...
Use case 3: Running a Chisel server with authentication
Code:
chisel server --auth user1:securepass
Motivation:
Adding authentication ensures that only authorized clients can connect to the server. This security measure is crucial in preventing unauthorized access and keeping your data safe from malicious attacks or eavesdropping.
Explanation:
chisel server: Start the server process.
--auth user1:securepass: This argument requires incoming connections to authenticate using the username ‘user1’ and password ‘securepass’, adding a layer of security.
Example Output:
2023/10/10 12:36:22 server: Listening on 0.0.0.0:8080...
2023/10/10 12:36:22 server: Authentication enabled
Use case 4: Connecting a client and tunneling a port
Code:
chisel client 192.168.1.100:8080 8000:example.com:80
Motivation:
This setup is perfect for redirecting local traffic to a remote server, which is essential for accessing resources behind a firewall or NAT. It’s beneficial for developers working on integration tasks where local services need to communicate with remote servers.
Explanation:
chisel client 192.168.1.100:8080: Connect to the Chisel server running at IP address ‘192.168.1.100’ and port ‘8080’.
8000:example.com:80: Tunnel traffic from local port ‘8000’ to the remote server ‘example.com’ on port ‘80’.
Example Output:
2023/10/10 12:37:45 client: Connected to 192.168.1.100:8080
2023/10/10 12:37:45 client: Tunnel created from 8000 to example.com:80
Use case 5: Tunneling a specific host and port
Code:
chisel client 192.168.1.100:8080 localhost:8000:example.com:80
Motivation:
This allows you to specify not just a local port but a local host, which provides flexibility in multi-host environments, like testing, where a specific host interface is critical.
Explanation:
chisel client 192.168.1.100:8080: Connects to the Chisel server.
localhost:8000:example.com:80: Specifies that traffic from ‘localhost’ port ‘8000’ will be tunneled to ‘example.com’ on port ‘80’.
Example Output:
2023/10/10 12:39:10 client: Established connection on 192.168.1.100:8080
2023/10/10 12:39:10 client: Local tunnel localhost:8000 to example.com:80 active
Use case 6: Connecting with authentication
Code:
chisel client --auth user1:securepass 192.168.1.100:8080 8000:example.com:80
Motivation:
Sometimes you need to ensure that only authenticated and secure connections are made from clients to the server, which is crucial for maintaining network integrity and confidentiality, especially when dealing with sensitive data.
Explanation:
chisel client --auth user1:securepass: The client connects to the server using the given credentials for authentication.
192.168.1.100:8080: IP and port of the Chisel server.
8000:example.com:80: Sets up a tunnel from local port ‘8000’ to ‘example.com’ port ‘80’.
Example Output:
2023/10/10 12:40:56 client: Authenticating with user1
2023/10/10 12:40:56 client: Connection and authentication to 192.168.1.100:8080 successful
2023/10/10 12:40:56 client: Tunnel active from 8000 to example.com:80
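As an added example (not from the original page or the chisel project), the function below writes a chisel users file for --authfile, which per chisel's README maps "<user>:<pass>" to a list of regular expressions matched against each requested "<remote-host>:<remote-port>". It keeps the password from use cases 3 and 6 off the server's command line and limits user1 to the one target used on this page; the function name and the CHISEL_PASS variable are assumptions.

```shell
# Added example, not chisel's own code.
# Usage: write_chisel_authfile <path> <user> <pass> <address-regex>
write_chisel_authfile() {
    path=$1 user=$2 pass=$3 regex=$4
    # The JSON key is "<user>:<pass>", so the user name cannot contain ':'.
    case $user in
        ''|*:*) echo "invalid user name" >&2; return 2 ;;
    esac
    # Refuse characters that would need JSON escaping in the key.
    case $user$pass in
        *\"*|*\\*) echo "quote or backslash in credentials" >&2; return 2 ;;
    esac
    case $regex in
        *\"*) echo "quote in address regex" >&2; return 2 ;;
    esac
    # Backslashes in the regex must be doubled inside a JSON string.
    json_regex=$(printf '%s' "$regex" | sed 's/\\/\\\\/g')
    (
        umask 077   # a newly created file is readable by its owner only
        printf '{\n  "%s:%s": ["%s"]\n}\n' "$user" "$pass" "$json_regex" > "$path"
    )
}

# Constructed usage, with the user name and target from this page
# (CHISEL_PASS is a hypothetical variable holding the password):
#   write_chisel_authfile users.json user1 "$CHISEL_PASS" '^example\.com:80$'
#   chisel server --authfile users.json
#   AUTH="user1:$CHISEL_PASS" chisel client 192.168.1.100:8080 localhost:8000:example.com:80
```

The client reads the AUTH environment variable when --auth is not given, so the password does not appear in its argument list either.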
Use case 7: Chisel server in reverse mode with SOCKS5 proxy
Code:
chisel server -p 3000 --reverse --socks5
Motivation:
Running the server in reverse mode with SOCKS5 proxy enables more complex network configurations, such as allowing clients to initiate reverse connections to the server-side applications or services. This is useful for bypassing restrictive network environments by dynamically routing traffic.
Explanation:
chisel server: Starts the server.
-p 3000: Listen on port 3000.
--reverse: Allows clients to request reverse tunneling.
--socks5: Enables a SOCKS5 proxy on the server, typically used on port 1080 by default.
Example Output:
2023/10/10 12:42:15 server: Listening on 0.0.0.0:3000, reverse and SOCKS5 proxy enabled
Use case 8: Creating a reverse tunnel with a SOCKS proxy
Code:
chisel client 192.168.1.100:3000 R:socks
Motivation:
This setup creates a reverse tunnel to a server using a local SOCKS proxy, perfect for accessing remote networks through a secure, encrypted connection. Applying a SOCKS proxy provides a more flexible and comprehensive networking option for handling different types of traffic.
Explanation:
chisel client 192.168.1.100:3000: Establish connection to the Chisel server.
R:socks: Configures the client to set up a reverse tunnel locally using a SOCKS proxy.
Example Output:
2023/10/10 12:43:30 client: Connected to 192.168.1.100:3000
2023/10/10 12:43:30 client: Reverse SOCKS tunnel active
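Use cases 4, 5 and 8 differ mainly in where the listening socket opens, which decides who can reach the tunnel. The added example below (not from the original page or the chisel project) resolves that for the three remotes on this page using the defaults documented in chisel's README: local-host defaults to 0.0.0.0, a socks remote listens on 127.0.0.1:1080, and an R: prefix puts the listener on the server. The function name chisel_listener is an assumption.

```shell
# Added example, not chisel's own code. Handles only the remote forms used
# on this page; the defaults are the ones documented in chisel's README.
chisel_listener() {
    spec=$1
    side=client
    # An "R:" prefix moves the listener to the server (needs --reverse there).
    case $spec in
        R:*) side=server; spec=${spec#R:} ;;
    esac
    # Split the spec on ':' into positional parameters, with globbing off.
    old_ifs=$IFS; IFS=:; set -f
    set -- $spec
    set +f; IFS=$old_ifs
    case $#:$spec in
        1:socks) host=127.0.0.1; port=1080 ;;  # default for a socks remote
        3:*)     host=0.0.0.0;   port=$1 ;;    # local-host omitted: all interfaces
        4:*)     host=$1;        port=$2 ;;    # explicit local-host
        *)       echo "unsupported remote: $spec" >&2; return 2 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "bad listen port in: $spec" >&2; return 2 ;;
    esac
    case $host in
        127.*|localhost) scope=loopback ;;
        0.0.0.0)         scope=all-interfaces ;;
        *)               scope=single-interface ;;
    esac
    echo "$side $host:$port $scope"
}

# The remotes from use cases 4, 5 and 8.
for remote in 8000:example.com:80 localhost:8000:example.com:80 R:socks; do
    chisel_listener "$remote"
done
```

The first line of output shows that the remote in use case 4 listens on every interface of the client machine, so any host that can reach port 8000 there can use the tunnel; the form in use case 5 keeps it on loopback.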
Conclusion:
Chisel is a powerful tool for network administrators and developers seeking to implement secure tunnels over HTTP. The examples above illustrate various usage scenarios that demonstrate Chisel’s versatility in addressing network challenges, enhancing security, and providing robust solutions for accessing remote services and bypassing network restrictions effectively.