top of page
  • Writer's pictureTimmy TSENG

Chisel secure tunneling tool

introduce

Chisel is an open source tool for creating secure tunnels over HTTP(S) connections. It uses a client-server architecture to establish a tunnel between two endpoints so that traffic can pass securely. Chisel is lightweight and easy to use.


working principle

Chisel works by creating a client-server connection over HTTP(S). The client is a small binary file running on the local system, and the server is a web server that can be hosted anywhere. The client establishes a connection to the server over HTTP(S) and then sends a request to create a tunnel to the server.

Once the tunnel is established, all traffic between the client and server is encrypted and sent through the tunnel. This means that even if an attacker intercepts the traffic, they will not be able to read it. The server acts as a proxy, forwarding traffic between the client and the target endpoint.


Verification method

Supports multiple authentication methods to ensure that only authorized clients can establish a connection. By default, Chisel uses a shared key for client authentication. The client must provide the correct key when establishing a connection, otherwise the connection will be rejected.


HTTPS Verification

Chisel can also be configured to use SSL/TLS for additional security. When SSL/TLS is enabled, Chisel will use self-signed certificates by default. However, users can provide their own certificates for additional security.


Server


chisel server -p 443 --reverse

Client


chisel client 35.236.161.97:443 R:socks

0 views0 comments

Recent Posts

See All

Windows adds a digital signature to exe

Generate a self-signed root certificate makecert -n "CN=Microfost Windows" -r -sv Root.pvk Root.cer This command uses the makecert tool to create a self-signed root certificate with the certificate na

AMON-Eye: Advanced Malware Toolkit

Overview In today's digital world, cyber threats have become increasingly serious, and malware attacks have posed a huge threat to the data security of organizations and individuals. Cobaltstrike is a

תגובות


bottom of page