Post

Chisel Forwarding

Posted
By x3ric
2 min read

This guide provides step-by-step instructions on how to set up and use Chisel for tunneling traffic and accessing remote services. It also covers how to configure proxychains to route traffic through the tunnel.

What is Chisel?

Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. It can be used for port forwarding, SOCKS proxying, and more. Chisel runs in two modes:

  1. Server mode: Receives traffic and forwards it.
  2. Client mode: Forwards traffic to the server.

Installation

1. Download and Install Chisel

To install Chisel, run the following command:

1

curl https://i.jpillora.com/chisel! | bash

If you want to copy the chisel binary to a different location (e.g., serving it from a web server), use:

1

cp /usr/local/bin/chisel ~/.local/www/chisel

You can host it using a Python HTTP server:

1

python3 -m http.server 8000

2. Get Your VPN IP

If you’re using a VPN (e.g., HackTheBox or TryHackMe), you can find your VPN’s local IP address with:

1

vpn=$(ip a | grep -A 2 "tun0:" | grep -oP '(?<=inet\s)\d+(\.\d+){3}')

This stores your VPN IP address in the vpn variable, which will be used to set up the chisel client.

Setting Up Chisel

1. Starting Chisel in Server Mode

On your server (e.g., your local machine), run Chisel in reverse mode to allow clients to connect.

Example 1: Running Chisel Server for Reverse Port Forwarding

1

chisel server -p 1080 --reverse
  • -p 1080: Specifies the port the server listens on.
  • --reverse: Enables reverse port forwarding, allowing the client to specify which ports to forward.

2. Starting Chisel Client for Port Forwarding

On the client machine, connect to the Chisel server (replace $vpn with your actual VPN IP):

1

./chisel client $vpn:1080 R:8080:127.0.0.1:8080
  • $vpn:1080: The Chisel server’s IP address and port.
  • R:8080:127.0.0.1:8080: This forwards port 8080 on the client machine to port 8080 on the server’s localhost.

3. Setting Up Chisel as a SOCKS5 Proxy

To set up Chisel as a SOCKS5 proxy, use the following command:

1

chisel server --socks5 --reverse -p 1080

On the client machine, connect to the SOCKS5 server:

1

./chisel client $vpn:1080 R:socks

This will tunnel all traffic through a SOCKS5 proxy running on port 1080.

Using Proxychains with Chisel

You can route specific traffic through the Chisel SOCKS5 proxy using proxychains-ng.

1. Install Proxychains

You can install proxychains-ng using your package manager (e.g., yay on Arch-based systems):

1

yay proxychains-ng

2. Configure Proxychains

Open the proxychains configuration file:

1

sudo nano /etc/proxychains.conf

At the end of the file, add the following line to route traffic through the SOCKS5 proxy on port 1080:

1

socks5 127.0.0.1 1080

3. Using Proxychains

Once configured, you can use proxychains to route specific commands through Chisel SOCKS5. For example:

1

proxychains curl http://example.com

You can also use proxychains with other commands like nmap, wget, or any program that supports network connections. For example:

1

proxychains nmap -sT -Pn example.com
tools
tools
This post is licensed under CC BY 4.0 by the author.