Chisel: Network Tunneling On Steroids

Port Forwarding and SOCKS Proxies

Hello, World! On a recent pentest, I compromised a Windows machine that only allowed inbound traffic and not outbound, which was odd because it's normally the other way around. However, I wanted to see what other machines were on the network from the perspective of the compromised host, so I transferred chisel onto the target machine and created a SOCKS proxy that I could use with Proxychains to proxy my Nmap traffic. In this article, I will show you how to use chisel for both port forwarding and creating SOCKS proxies. Let’s go for it!

Building Chisel

I typically always have a Windows and Linux binary of chisel on my attacking machine so in this section I do a quick demo on how to build chisel for both Windows and Linux.

Note: You will need to have Go and Git installed on your machine — check out this article I wrote which includes steps showing you how to install Go on Linux. Git can be installed using your favorite distros package manager like this: sudo apt -y install git

Before we build chisel , let’s clone the chisel repository with the following commands:

sudo git clone https://github.com/jpillora/chisel.git /opt/chisel
cd /opt/chisel