{"id":3173,"date":"2019-02-13T02:56:14","date_gmt":"2019-02-13T02:56:14","guid":{"rendered":"http:\/\/www.pir8geek.com\/?p=3173"},"modified":"2019-02-13T02:56:14","modified_gmt":"2019-02-13T02:56:14","slug":"fast-tcp-tunnel-over-http-chisel","status":"publish","type":"post","link":"https:\/\/www.jameseduard.com\/?p=3173","title":{"rendered":"Fast TCP tunnel over HTTP: Chisel"},"content":{"rendered":"\n\n<p>[vc_row][vc_column][vc_column_text]<\/p>\n<p class=\"wp-block-paragraph\">Chisel is a fast TCP tunnel, transported over HTTP, secured via SSH. Single executable including both client and server. Written in Go (golang). Chisel is mainly useful for passing through firewalls, though it can also be used to provide a secure endpoint into your network. Chisel is very similar to\u00a0<a href=\"https:\/\/github.com\/q3k\/crowbar\">crowbar<\/a>\u00a0though achieves\u00a0<strong>much<\/strong>\u00a0higher\u00a0<a href=\"https:\/\/github.com\/jpillora\/chisel#performance\">performance<\/a>.<\/p>\n\n<p>&nbsp;<\/p>\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" class=\"wp-image-3174\" src=\"http:\/\/www.pir8geek.com\/wp-content\/uploads\/2019\/02\/chiseltunnel.jpg\" alt=\"\" \/><\/figure>\n\n<p>&nbsp;<\/p>\n\n<h3 class=\"wp-block-heading\">Features<\/h3>\n\n<p>&nbsp;<\/p>\n\n<ul class=\"wp-block-list\">\n<li>Easy to use<\/li>\n<li><a href=\"https:\/\/github.com\/jpillora\/chisel#performance\">Performant<\/a>*<\/li>\n<li><a href=\"https:\/\/github.com\/jpillora\/chisel#security\">Encrypted connections<\/a>\u00a0using the SSH protocol (via\u00a0<code>crypto\/ssh<\/code>)<\/li>\n<li><a href=\"https:\/\/github.com\/jpillora\/chisel#authentication\">Authenticated connections<\/a>; authenticated client connections with a users config file, authenticated server connections with fingerprint matching.<\/li>\n<li>Client auto-reconnects with\u00a0<a href=\"https:\/\/github.com\/jpillora\/backoff\">exponential backoff<\/a><\/li>\n<li>Client can create multiple tunnel endpoints over one TCP connection<\/li>\n<li>Client can optionally pass through HTTP CONNECT proxies<\/li>\n<li>Server optionally doubles as a\u00a0<a href=\"http:\/\/golang.org\/pkg\/net\/http\/httputil\/#NewSingleHostReverseProxy\">reverse proxy<\/a><\/li>\n<li>Server optionally allows\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/SOCKS\">SOCKS5<\/a>\u00a0connections (See\u00a0<a href=\"https:\/\/github.com\/jpillora\/chisel#socks5-guide\">guide below<\/a>)<\/li>\n<li>Reverse port forwarding<\/li>\n<\/ul>\n\n<p>To Install Chisel<\/p>\n\n<p>Binaries:<\/p>\n<p class=\"wp-block-paragraph\">Check\u00a0<a href=\"https:\/\/github.com\/jpillora\/chisel\/releases\/latest\">the latest release<\/a>\u00a0or download and install it now with<\/p>\n\n<p>&nbsp;<\/p>\n\n<pre class=\"wp-block-code\"><code>curl https:\/\/i.jpillora.com\/chisel! | bash <\/code><\/pre>\n\n<p>&nbsp;<\/p>\n\n<p class=\"wp-block-paragraph\">Docker<\/p>\n\n<p>&nbsp;<\/p>\n\n<pre class=\"wp-block-code\"><code>docker run --rm -it jpillora\/chisel --help<\/code><\/pre>\n\n<p><strong>Source<\/strong><\/p>\n\n<p>&nbsp;<\/p>\n\n<pre class=\"wp-block-code\"><code>$ go get -v github.com\/jpillora\/chisel<\/code><\/pre>\n\n<p>Demo:<br \/>A\u00a0<a href=\"https:\/\/chisel-demo.herokuapp.com\/\">demo app<\/a>\u00a0on Heroku is running this\u00a0<code>chisel server<\/code>:<\/p>\n\n<p>&nbsp;<\/p>\n\n<pre class=\"wp-block-code\"><code>$ chisel server --port $PORT --proxy http:\/\/example.com\n# listens on $PORT, proxy web requests to http:\/\/example.com<\/code><\/pre>\n\n<p>Chisel Usage:<\/p>\n\n<p>&nbsp;<\/p>\n\n<pre class=\"wp-block-code\"><code>$ chisel --help\n\n   Usage: chisel [command] [--help]\n\n   Version: X.Y.Z\n\n   Commands:\n     server - runs chisel in server mode\n     client - runs chisel in client mode\n\n   Read more:\n     https:\/\/github.com\/jpillora\/chisel<\/code><\/pre>\n\n<p>&nbsp;<\/p>\n\n<h3 class=\"wp-block-heading\">Security<\/h3>\n\n<p>Encryption is always enabled. When you start up a chisel server, it will generate an in-memory ECDSA public\/private key pair. The public key fingerprint will be displayed as the server starts. Instead of generating a random key, the server may optionally specify a key seed, using the\u00a0<code>--key<\/code>\u00a0option, which will be used to seed the key generation. When clients connect, they will also display the server&#8217;s public key fingerprint. The client can force a particular fingerprint using the\u00a0<code>--fingerprint<\/code>\u00a0option. See the\u00a0<code>--help<\/code>\u00a0above for more information.<\/p>\n\n<p>&nbsp;<\/p>\n\n<h3 class=\"wp-block-heading\">Authentication<\/h3>\n\n<p>Using the\u00a0<code>--authfile<\/code>\u00a0option, the server may optionally provide a\u00a0<code>user.json<\/code>\u00a0configuration file to create a list of accepted users. The client then authenticates using the\u00a0<code>--auth<\/code>\u00a0option. See\u00a0<a href=\"https:\/\/github.com\/jpillora\/chisel\/blob\/master\/example\/users.json\">users.json<\/a>\u00a0for an example authentication configuration file. See the\u00a0<code>--help<\/code>\u00a0above for more information.<\/p>\n\n<p>Internally, this is done using the\u00a0<em>Password<\/em>\u00a0authentication method provided by SSH. Learn more about\u00a0<code>crypto\/ssh<\/code>\u00a0here\u00a0<a href=\"http:\/\/blog.gopheracademy.com\/go-and-ssh\/\">http:\/\/blog.gopheracademy.com\/go-and-ssh\/<\/a>.<\/p>\n\n<p>&nbsp;<\/p>\n\n<p>&nbsp;<\/p>\n<p>[\/vc_column_text][vc_btn title=&#8221;Download at Github&#8221; align=&#8221;center&#8221; i_icon_fontawesome=&#8221;fa fa-download&#8221; add_icon=&#8221;true&#8221; link=&#8221;url:https%3A%2F%2Fgithub.com%2Fjpillora%2Fchisel||target:%20_blank|&#8221;][\/vc_column][\/vc_row]<\/p>","protected":false},"excerpt":{"rendered":"<p>[vc_row][vc_column][vc_column_text] Chisel is a fast TCP tunnel, transported over HTTP, secured via SSH. Single executable including both client and server. Written in Go (golang). Chisel is mainly useful for passing through firewalls, though it can also be used to provide a secure endpoint into your network. Chisel is very similar to\u00a0crowbar\u00a0though achieves\u00a0much\u00a0higher\u00a0performance. &nbsp; &nbsp; Features<\/p>\n","protected":false},"author":1,"featured_media":3174,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[23,620],"tags":[771,348,772,304,773,774],"class_list":["post-3173","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","category-security","tag-chisel","tag-proxies","tag-socks","tag-ssh","tag-tcptunnel","tag-tunnel"],"_links":{"self":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/posts\/3173","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3173"}],"version-history":[{"count":0,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/posts\/3173\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3173"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3173"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3173"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}