Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH.

Related tags

tunnel golang http tcp
Overview

chisel

GoDoc CI

Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. Single executable including both client and server. Written in Go (golang). Chisel is mainly useful for passing through firewalls, though it can also be used to provide a secure endpoint into your network.

overview

Features

  • Easy to use
  • Performant*
  • Encrypted connections using the SSH protocol (via crypto/ssh)
  • Authenticated connections; authenticated client connections with a users config file, authenticated server connections with fingerprint matching.
  • Client auto-reconnects with exponential backoff
  • Clients can create multiple tunnel endpoints over one TCP connection
  • Clients can optionally pass through SOCKS or HTTP CONNECT proxies
  • Reverse port forwarding (Connections go through the server and out the client)
  • Server optionally doubles as a reverse proxy
  • Server optionally allows SOCKS5 connections (See guide below)
  • Clients optionally allow SOCKS5 connections from a reversed port forward
  • Client connections over stdio which supports ssh -o ProxyCommand providing SSH over HTTP

Install

Binaries

Releases Releases

See the latest release or download and install it now with curl https://i.jpillora.com/chisel! | bash

Docker

Docker Pulls Image Size

docker run --rm -it jpillora/chisel --help

Fedora

The package is maintained by the Fedora community. If you encounter issues related to the usage of the RPM, please use this issue tracker.

sudo dnf -y install chisel

Source

$ go get -v github.com/jpillora/chisel

Demo

A demo app on Heroku is running this chisel server:

$ chisel server --port $PORT --proxy http://example.com
# listens on $PORT, proxy web requests to http://example.com

This demo app is also running a simple file server on :3000, which is normally inaccessible due to Heroku's firewall. However, if we tunnel in with:

$ chisel client https://chisel-demo.herokuapp.com 3000
# connects to chisel server at https://chisel-demo.herokuapp.com,
# tunnels your localhost:3000 to the server's localhost:3000

and then visit localhost:3000, we should see a directory listing. Also, if we visit the demo app in the browser we should hit the server's default proxy and see a copy of example.com.

Usage

$ chisel --help

  Usage: chisel [command] [--help]

  Version: X.Y.Z

  Commands:
    server - runs chisel in server mode
    client - runs chisel in client mode

  Read more:
    https://github.com/jpillora/chisel

$ chisel server --help

  Usage: chisel server [options]

  Options:

    --host, Defines the HTTP listening host – the network interface
    (defaults the environment variable HOST and falls back to 0.0.0.0).

    --port, -p, Defines the HTTP listening port (defaults to the environment
    variable PORT and fallsback to port 8080).

    --key, An optional string to seed the generation of a ECDSA public
    and private key pair. All communications will be secured using this
    key pair. Share the subsequent fingerprint with clients to enable detection
    of man-in-the-middle attacks (defaults to the CHISEL_KEY environment
    variable, otherwise a new key is generate each run).

    --authfile, An optional path to a users.json file. This file should
    be an object with users defined like:
      {
        "": ["",""]
      }
    when  connects, their  will be verified and then
    each of the remote addresses will be compared against the list
    of address regular expressions for a match. Addresses will
    always come in the form ":" for normal remotes
    and "R::" for reverse port forwarding
    remotes. This file will be automatically reloaded on change.

    --auth, An optional string representing a single user with full
    access, in the form of . It is equivalent to creating an
    authfile with {"": [""]}. If unset, it will use the
    environment variable AUTH.

    --keepalive, An optional keepalive interval. Since the underlying
    transport is HTTP, in many instances we'll be traversing through
    proxies, often these proxies will close idle connections. You must
    specify a time with a unit, for example '5s' or '2m'. Defaults
    to '25s' (set to 0s to disable).

    --backend, Specifies another HTTP server to proxy requests to when
    chisel receives a normal HTTP request. Useful for hiding chisel in
    plain sight.

    --socks5, Allow clients to access the internal SOCKS5 proxy. See
    chisel client --help for more information.

    --reverse, Allow clients to specify reverse port forwarding remotes
    in addition to normal remotes.

    --tls-key, Enables TLS and provides optional path to a PEM-encoded
    TLS private key. When this flag is set, you must also set --tls-cert,
    and you cannot set --tls-domain.

    --tls-cert, Enables TLS and provides optional path to a PEM-encoded
    TLS certificate. When this flag is set, you must also set --tls-key,
    and you cannot set --tls-domain.

    --tls-domain, Enables TLS and automatically acquires a TLS key and
    certificate using LetsEncypt. Setting --tls-domain requires port 443.
    You may specify multiple --tls-domain flags to serve multiple domains.
    The resulting files are cached in the "$HOME/.cache/chisel" directory.
    You can modify this path by setting the CHISEL_LE_CACHE variable,
    or disable caching by setting this variable to "-". You can optionally
    provide a certificate notification email by setting CHISEL_LE_EMAIL.

    --tls-ca, a path to a PEM encoded CA certificate bundle or a directory
    holding multiple PEM encode CA certificate bundle files, which is used to 
    validate client connections. The provided CA certificates will be used 
    instead of the system roots. This is commonly used to implement mutual-TLS. 

    --pid Generate pid file in current working directory

    -v, Enable verbose logging

    --help, This help text

  Signals:
    The chisel process is listening for:
      a SIGUSR2 to print process stats, and
      a SIGHUP to short-circuit the client reconnect timer

  Version:
    X.Y.Z

  Read more:
    https://github.com/jpillora/chisel

$ chisel client --help

  Usage: chisel client [options]   [remote] [remote] ...

   is the URL to the chisel server.

  s are remote connections tunneled through the server, each of
  which come in the form:

    :::/

    ■ local-host defaults to 0.0.0.0 (all interfaces).
    ■ local-port defaults to remote-port.
    ■ remote-port is required*.
    ■ remote-host defaults to 0.0.0.0 (server localhost).
    ■ protocol defaults to tcp.

  which shares : from the server to the client
  as :, or:

    R::::/

  which does reverse port forwarding, sharing :
  from the client to the server's :.

    example remotes

      3000
      example.com:3000
      3000:google.com:80
      192.168.0.5:3000:google.com:80
      socks
      5000:socks
      R:2222:localhost:22
      R:socks
      R:5000:socks
      stdio:example.com:22
      1.1.1.1:53/udp

    When the chisel server has --socks5 enabled, remotes can
    specify "socks" in place of remote-host and remote-port.
    The default local host and port for a "socks" remote is
    127.0.0.1:1080. Connections to this remote will terminate
    at the server's internal SOCKS5 proxy.

    When the chisel server has --reverse enabled, remotes can
    be prefixed with R to denote that they are reversed. That
    is, the server will listen and accept connections, and they
    will be proxied through the client which specified the remote.
    Reverse remotes specifying "R:socks" will listen on the server's
    default socks port (1080) and terminate the connection at the
    client's internal SOCKS5 proxy.

    When stdio is used as local-host, the tunnel will connect standard
    input/output of this program with the remote. This is useful when 
    combined with ssh ProxyCommand. You can use
      ssh -o ProxyCommand='chisel client chiselserver stdio:%h:%p' \
          [email protected]
    to connect to an SSH server through the tunnel.

  Options:

    --fingerprint, A *strongly recommended* fingerprint string
    to perform host-key validation against the server's public key.
	Fingerprint mismatches will close the connection.
	Fingerprints are generated by hashing the ECDSA public key using
	SHA256 and encoding the result in base64.
	Fingerprints must be 44 characters containing a trailing equals (=).

    --auth, An optional username and password (client authentication)
    in the form: ":". These credentials are compared to
    the credentials inside the server's --authfile. defaults to the
    AUTH environment variable.

    --keepalive, An optional keepalive interval. Since the underlying
    transport is HTTP, in many instances we'll be traversing through
    proxies, often these proxies will close idle connections. You must
    specify a time with a unit, for example '5s' or '2m'. Defaults
    to '25s' (set to 0s to disable).

    --max-retry-count, Maximum number of times to retry before exiting.
    Defaults to unlimited.

    --max-retry-interval, Maximum wait time before retrying after a
    disconnection. Defaults to 5 minutes.

    --proxy, An optional HTTP CONNECT or SOCKS5 proxy which will be
    used to reach the chisel server. Authentication can be specified
    inside the URL.
    For example, http://admin:[email protected]:8081
            or: socks://admin:[email protected]:1080

    --header, Set a custom header in the form "HeaderName: HeaderContent".
    Can be used multiple times. (e.g --header "Foo: Bar" --header "Hello: World")

    --hostname, Optionally set the 'Host' header (defaults to the host
    found in the server url).

    --tls-ca, An optional root certificate bundle used to verify the
    chisel server. Only valid when connecting to the server with
    "https" or "wss". By default, the operating system CAs will be used.

    --tls-skip-verify, Skip server TLS certificate verification of
    chain and host name (if TLS is used for transport connections to
    server). If set, client accepts any TLS certificate presented by
    the server and any host name in that certificate. This only affects
    transport https (wss) connection. Chisel server's public key
    may be still verified (see --fingerprint) after inner connection
    is established.

    --tls-key, a path to a PEM encoded private key used for client 
    authentication (mutual-TLS).

    --tls-cert, a path to a PEM encoded certificate matching the provided 
    private key. The certificate must have client authentication 
    enabled (mutual-TLS).

    --pid Generate pid file in current working directory

    -v, Enable verbose logging

    --help, This help text

  Signals:
    The chisel process is listening for:
      a SIGUSR2 to print process stats, and
      a SIGHUP to short-circuit the client reconnect timer

  Version:
    X.Y.Z

  Read more:
    https://github.com/jpillora/chisel

Security

Encryption is always enabled. When you start up a chisel server, it will generate an in-memory ECDSA public/private key pair. The public key fingerprint (base64 encoded SHA256) will be displayed as the server starts. Instead of generating a random key, the server may optionally specify a key seed, using the --key option, which will be used to seed the key generation. When clients connect, they will also display the server's public key fingerprint. The client can force a particular fingerprint using the --fingerprint option. See the --help above for more information.

Authentication

Using the --authfile option, the server may optionally provide a user.json configuration file to create a list of accepted users. The client then authenticates using the --auth option. See users.json for an example authentication configuration file. See the --help above for more information.

Internally, this is done using the Password authentication method provided by SSH. Learn more about crypto/ssh here http://blog.gopheracademy.com/go-and-ssh/.

SOCKS5 Guide

  1. Start your chisel server
docker run \
  --name chisel -p 9312:9312 \
  -d --restart always \
  jpillora/chisel server -p 9312 --socks5 --key supersecret
  1. Connect your chisel client (using server's fingerprint)
chisel client --fingerprint 'rHb55mcxf6vSckL2AezFV09rLs7pfPpavVu++MF7AhQ=' <server-address>:9312 socks
  1. Point your SOCKS5 clients (e.g. OS/Browser) to:
:1080
  1. Now you have an encrypted, authenticated SOCKS5 connection over HTTP

Caveats

Since WebSockets support is required:

  • IaaS providers all will support WebSockets (unless an unsupporting HTTP proxy has been forced in front of you, in which case I'd argue that you've been downgraded to PaaS)
  • PaaS providers vary in their support for WebSockets
    • Heroku has full support
    • Openshift has full support though connections are only accepted on ports 8443 and 8080
    • Google App Engine has no support (Track this on their repo)

Contributing

Changelog

  • 1.0 - Initial release
  • 1.1 - Replaced simple symmetric encryption for ECDSA SSH
  • 1.2 - Added SOCKS5 (server) and HTTP CONNECT (client) support
  • 1.3 - Added reverse tunnelling support
  • 1.4 - Added arbitrary HTTP header support
  • 1.5 - Added reverse SOCKS support (by @aus)
  • 1.6 - Added client stdio support (by @BoleynSu)
  • 1.7 - Added UDP support
Issues
  • Add encrypted password support

    Add encrypted password support

    Currently supports two encryption method: sha256 and sha512. Can be added on compile time.

    User can create a hashed password with mkpasswd --method=sha-512, Server will get the usernames and password as usual, client will supply a hashed password: chisel client --auth user:'$6$QYGHuvnm1c29b0cm$IzOCBgI39CrAphCfRHSwWkpYLGW0f7/gUUXyzjG6W6gjKdggZ3qh4x6CD7H9ixmyOHYwZaYqGdqJKSZpeSw9J1'

    Server will try to create a Crypter with the given password prefix ($5$ is sha256 and $6$ is sha512) and try to decrypt it. If a Crypter not available, it will try a plaintext authentication.

    opened by cagdasbas 18
  • add client-outbound SOCKS support

    add client-outbound SOCKS support

    In some situations, it may be useful to utilize the chisel tunnel to access the internal network of the connected client. With the recent addition of reverse port forward remotes, we can simply start a SOCKS5 server on the client and remote port forward to it.

    ~~Example:~~ (see comment below for latest syntax)

    server

    chisel server --reverse
    2019/02/09 12:54:50 server: Reverse tunnelling enabled
    2019/02/09 12:54:50 server: Fingerprint a7:39:0e:a3:78:87:9e:ba:12:12:b0:42:62:75:99:e3
    2019/02/09 12:54:50 server: Listening on 0.0.0.0:8080...
    2019/02/09 12:54:52 server: proxy#1:R:127.0.0.1:5000=>127.0.0.1:1081: Listening
    

    client

    chisel client --socks5 http://chisel-server:8080 R:127.0.0.1:5000:127.0.0.1:1081
    2019/02/09 12:54:52 client: client-side SOCKS5 server enabled
    2019/02/09 12:54:52 client: Connecting to ws://localhost:8080
    2019/02/09 12:54:52 client: Fingerprint a7:39:0e:a3:78:87:9e:ba:12:12:b0:42:62:75:99:e3
    2019/02/09 12:54:52 client: Connected (Latency 404.322µs)
    
    opened by aus 18
  • [Feature request] Reverse tunnel support

    [Feature request] Reverse tunnel support

    It would be awesome to see this offer reverse port forwards as well as local port forwards.

    enhancement 
    opened by penguinpowernz 16
  • Undetected client disconnects

    Undetected client disconnects

    Hello sir Is there any Default time out from the Client as it stops working from time to time If internet connection reset it doesn't reconnect automatically can you please clarify Please.Thanks for the software is quite faster than FRP.I'm more impressed with its stability from server end.If you can help with UDP and Port Mapping for Port forwarding that would be my ultimate software with good speed more than KCP i guess keep your hard work going thanks again

    bug need-more-info 
    opened by gvsurenderreddy 13
  • every minute: client: Connection error: websocket: close 1006 (abnormal closure): unexpected EOF

    every minute: client: Connection error: websocket: close 1006 (abnormal closure): unexpected EOF

    First of all, thanks for this nice, compact, fast, stable and easy-to-use tool.

    However, there's a little issue: I use the client on a workstation which I hibernate overnight. The next day, new connections work as expected. But there seems to be a problem that the interrupted connection doesn't completely terminate:

    2019/05/28 15:49:11 client: Connection error: websocket: close 1006 (abnormal closure): unexpected EOF 2019/05/28 15:49:11 client: Retrying in 100ms... 2019/05/28 15:49:11 client: Handshaking... 2019/05/28 15:49:11 client: Fingerprint aa:bb:cc:dd:7d:44:5e:36:82:0e:9e:66:f4:f5:62:1b 2019/05/28 15:49:11 client: Sending config 2019/05/28 15:49:11 client: Connected (Latency 34.1538ms)

    The above block of messages repeats every minute

    Client: 1.3.1 chisel_windows_amd64.exe Server: have to look at home but is self-built from sources on Linux ~ same version

    opened by daald 9
  • [QUESTION] Running in Kuberneters

    [QUESTION] Running in Kuberneters

    Has anyone messed around with running chisel in kubernetes? I have a use case where pods need to securely connect to remote resources, without the use a VPN. I am able to make this work in docker, so i think I should be able to do something here.

    My thoughts were some sort of init container, which modifies outbound traffic destined for certain IP:PORTS to get redirected to the chisel container in the same pod.

    No luck so far, but was curious if anyone else had did anything remotely similar with chisel.

    opened by jseiser 8
  • Can I utilize multiple dynos in Heroku?

    Can I utilize multiple dynos in Heroku?

    I ran across chisel today and had some spare time to try it on Heroku.

    I have 100 dynos running with different IPs but when I connect my app via Heroku Router with chisel client, it simply establishes a conn with a random dyno. I want to take advantage of multiple IPs attached to my dynos. Is there a way to instruct chisel to establish a new conn whenever a req hits the local socks, in a multitenant environment avoiding the possibility of overlapping reqs?

    Thanks.

    opened by berkant 8
  • Investigate issues with Minecraft

    Investigate issues with Minecraft

    Hello, I'm trying to use chisel to transport Minecraft packets (TCP-based game) over HTTP. Here's what I'm currently doing:

    # On the virtual machine running the Minecraft server:
    java -jar server.jar nogui &
    chisel server -v --port 25566 --proxy tcp://localhost:25565
    
    # On the local machine running the Minecraft client:
    chisel client -v http://server-host:25566 25567
    

    At first, the client runs out of files:

    2019/07/23 01:52:07 client: Connecting to ws://localhost:25566
    2019/07/23 01:52:07 client: proxy#1:0.0.0.0:25567=>0.0.0.0:25567: Listening
    2019/07/23 01:52:07 client: Fingerprint e1:44:44:9d:10:b1:b1:2b:fd:88:f6:9b:13:50:55:d0
    2019/07/23 01:52:07 client: Connected (Latency 1.436858ms)
    2019/07/23 01:52:43 client: proxy#1:0.0.0.0:25567=>0.0.0.0:25567: Accept error: accept tcp4 0.0.0.0:25567: accept: too many open files
    

    I increase the number of allowed open files with ulimit -n 4096, but then the client and server just "spam" open and close connections when trying to connect to the server.

    2019/07/23 02:06:16 client: proxy#1:0.0.0.0:25567=>0.0.0.0:25567: conn#1001: Open
    ... omitted
    2019/07/23 02:06:16 client: proxy#1:0.0.0.0:25567=>0.0.0.0:25567: conn#1250: Open
    2019/07/23 02:06:16 client: proxy#1:0.0.0.0:25567=>0.0.0.0:25567: conn#1250: Close (sent 34B received 0B)
    ... omitted
    2019/07/23 02:06:16 client: proxy#1:0.0.0.0:25567=>0.0.0.0:25567: conn#1001: Close (sent 34B received 0B)
    

    Is this a bug in chisel? a limitation? or some protocol kink in Minecraft? I'm trying to get to the bottom of this, but it's difficult to figure out why this is happening. It would be great if chisel could work out-of-the-box with any TCP application, Minecraft included.

    opened by Electroid 8
  • use go modules

    use go modules

    add gitignore remove vendor folder work around crypto/ssh handshake issue by locking to an old commit

    opened by qiangli 8
  • vpn over chisel

    vpn over chisel

    Is there an option to use the tun/tap devices with ssh to have a vpn implemented over chisel instead of doing port forwarding?

    enhancement 
    opened by shashankmjain 7
  • chisel server not using AUTH-envVar

    chisel server not using AUTH-envVar

    I was trying to set up a chisel server in a docker container, and wanted to add a single user. While reading the 'usage' I saw I should be able to just and the envVar 'AUTH'. However tests showed authentication was not working, I only get it to work by using the cmdline arg --auth.

    After checking the sources I noticed the AUTH envVar is only implemented for the client.

    After all I think it's better to use the --authfile, but it is confusing that the 'usage' is mentioning non-functioning features :-)

    PS. chisel is a great little project. Keep up the good work!

    opened by andrasj 0
  • Proxy Authentication NTLM

    Proxy Authentication NTLM

    This tool is AWESOME! What about a feature to include proxy authentication using ntlm? Just for the case which the client needs to authenticate through the corporation's proxy

    opened by G0ne 1
  • Bump crazy-max/ghaction-docker-meta from 1 to 3.4.1

    Bump crazy-max/ghaction-docker-meta from 1 to 3.4.1

    Bumps crazy-max/ghaction-docker-meta from 1 to 3.4.1.

    Release notes

    Sourced from crazy-max/ghaction-docker-meta's releases.

    v3.4.1

    • Only return edge if branch matches (#115)

    v3.4.0

    • PEP 440 support (#108)
    • Allow global prefix/suffix on latest (#107)
    • Update dev deps (#109)
    • Bump @​actions/core from 1.3.0 to 1.4.0 (#100)
    • Bump csv-parse from 4.15.4 to 4.16.0 (#101)
    • Bump ws from 7.3.1 to 7.4.6 (#99)

    v3.3.0

    • Fix pull_request_target event (#97)
    • Bump @​actions/core from 1.2.7 to 1.3.0 (#93)
    • Bump @​actions/github from 4.0.0 to 5.0.0 (#94)

    v3.2.0

    • Handle pull_request_target event (#91)
    • Add json output (#89)

    v3.1.0

    • Add format attribute for type=sha (#81)

    v3.0.0

    v2.5.0

    • Major version zero doc (#74)
    • Bump hosted-git-info from 2.8.8 to 2.8.9 (#73)
    • Bump lodash from 4.17.20 to 4.17.21 (#72)
    • Handle global expressions (#71)

    v2.4.0

    • Add bake-target input (#69)
    • Fix setOutput (#67)
    • Bump csv-parse from 4.15.3 to 4.15.4 (#65)
    • Bump @​actions/core from 1.2.6 to 1.2.7 (#64)

    v2.3.0

    • Allow overriding flavor (#63)
    • Prefix/suffix not taken into account for match, semver and schedule types (#62)

    v2.2.1

    • Skip and display warning if tag does not match (#59)

    v2.2.0

    • Improve logging (#58)
    • Fix README (#56)

    ... (truncated)

    Upgrade guide

    Sourced from crazy-max/ghaction-docker-meta's upgrade guide.

    Upgrade notes

    v2 to v3

    • Repository has been moved to docker org. Replace crazy-max/[email protected] with docker/[email protected]
    • The default bake target has been changed: ghaction-docker-meta > docker-metadata-action

    v1 to v2

    inputs

    New Unchanged Removed
    tags images tag-sha
    flavor sep-tags tag-edge
    labels sep-labels tag-edge-branch
    tag-semver
    tag-match
    tag-match-group
    tag-latest
    tag-schedule
    tag-custom
    tag-custom-only
    label-custom

    tag-sha

    tags: |
      type=sha
    

    tag-edge / tag-edge-branch

    tags: |
      # default branch
      type=edge
    </tr></table> 
    

    ... (truncated)

    Commits
    • 8b842e7 Merge pull request #115 from crazy-max/edge-branch
    • 4cb9252 Only return edge if branch matches
    • f6efe56 Merge pull request #109 from crazy-max/dev-deps
    • c15e83f Update dev deps
    • 6c228c6 Merge pull request #108 from crazy-max/pep440
    • a1770d2 PEP 440 support
    • 8a0bc9f Merge pull request #107 from crazy-max/onlatest
    • 375e313 Allow global prefix/suffix on latest
    • aa7478b Merge pull request #100 from docker/dependabot/npm_and_yarn/actions/core-1.4.0
    • 02e4d04 Update generated content
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 0
  • Help - Compile Chisel

    Help - Compile Chisel

    What do you use to compile chisel?

    opened by damnx0rz 1
  • Update version.go

    Update version.go

    Reason

    This PR changes the ProtocolVersion to a variable to allow dynamic changes if chisel is used as a library.

    Currently chisel is used as a library to configure server and client dynamically. Especially if additional features were added the protocolversion cannot be changed to indicate the existance.

    Additionally Symantec flags traffic from/to chisel as suspicious if chisel-v3 is matched in the traffic.

    Thanks, :)

    opened by c-f 0
  • Chisel client bind interface

    Chisel client bind interface

    Hi,

    On the client, i have several active internet connection and i would like to select witch network interface to use to connect on the server. Thank you for your assistance.

    opened by alcane2011 0
  • Reorganize features section (dodge the bullets)

    Reorganize features section (dodge the bullets)

    Simplify the features section of the README with bolded pseudo-headings and short paragraphs to replace bullets. Full features list is preserved and linked to in doc/features.md (only modification to that is fixing the relative hyperlink paths).

    opened by noahsbwilliams 0
  • Providing chisel's client with a logger level

    Providing chisel's client with a logger level

    Providing chisel's client with a log level to stop having this issues: https://github.com/jpillora/chisel/issues/278

    Another solution could be providing a cio.Logger from the caller. Changing cio.Logger to be an interface and then we'll be able to provide with a logger, I could do that as well if you prefer.

    opened by zuzgon 0
  • Today Microsoft Security Essentials started to flag all chisel versions as a hacking tool

    Today Microsoft Security Essentials started to flag all chisel versions as a hacking tool

    Today Microsoft updated the database for security essentials and Windows Defender. Therefore, all software using chisel on Microsoft will be prevented from running because it is considered a "hack tool". The argument is that "Hacktools can be used to patch or "crack" some software so it will run without a valid license or genuine product key."

    I strongly disagree with the fact that Microsoft can just blacklist an open source tcp tunnel software library without blacklisting all such tunnels. If a software misuses an open source library the software doing so should be banned, not the underlying library providing a technical means.

    The solution is to whitelist this but this is not very elegant.

    This has also been discussed previously here #229 for another anti-virus vendor and is flagged as won't fix. I guess this will end up as won't / can't fix as well? But maybe we should address this with Microsoft?

    duplicate help wanted 
    opened by carsten1410 6
  • proxy tunnel logger

    proxy tunnel logger

    Hey, I found out a problem I have I can't change the logger values of the proxy tun (the one forked when creating a new chisel). https://github.com/jpillora/chisel/blob/92d90be68a989377daf61294ef7458612d10da8c/share/tunnel/tunnel.go#L52 https://github.com/jpillora/chisel/blob/92d90be68a989377daf61294ef7458612d10da8c/client/client.go#L178, since there's no way in the config (and its defaulted to info+debug) to let the client know I don't want it to log Info\Debug messages I have no way to specify to the tunnel I don't want it to log Info\Debug messages.

    I'm talking about these lines photo_2021-05-18_16-38-56

    opened by zuzgon 0
Releases(v1.7.6)
Owner
Jaime Pillora
Jaime Pillora
Go HTTP tunnel is a reverse tunnel based on HTTP/2.

Go HTTP tunnel is a reverse tunnel based on HTTP/2. It enables you to share your localhost when you don't have a public IP.

Michal Jan Matczuk 2.7k Jul 26, 2021
Easy SSH servers in Golang

gliderlabs/ssh The Glider Labs SSH server package is dope. —@bradfitz, Go team member This Go package wraps the crypto/ssh package with a higher-level

Glider Labs 2.1k Jul 23, 2021
HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH.

An open source serveo/ngrok alternative.

Antonio Mika 1.9k Jul 23, 2021
A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.

frp README | 中文文档 What is frp? frp is a fast reverse proxy to help you expose a local server behind a NAT or firewall to the Internet. As of now, it s

null 47k Jul 22, 2021
Extended ssh-agent which supports git commit signing over ssh

ssh-agentx ssh-agentx Rationale Requirements Configuration ssh-agentx Configuration ssh-gpg-signer Linux Windows Signing commits after configuration T

Wim 3 May 18, 2021
Ethr is a Comprehensive Network Measurement Tool for TCP, UDP & ICMP.

Ethr Ethr is a cross platform network performance measurement tool written in golang. The goal of this project is to provide a native tool for compreh

Microsoft 4.9k Jul 26, 2021
tunnels to localhost and other ssh plumbing

remotemoe is a software daemon for exposing ad-hoc services to the internet without having to deal with the regular network stuff such as configuring VPNs, changing firewalls, or adding port forwards.

Kristian Mide 74 Jul 11, 2021
:vulcan_salute: Fast, modern, easy-to-use network scanner

sx is the command-line network scanner designed to follow the UNIX philosophy. The goal of this project is to create the fastest network scanner with

null 659 Jul 19, 2021
Cloud Native Tunnel

inlets is a Cloud Native Tunnel written in Go Expose your local endpoints to the Internet or within a remote network, without touching firewalls. Foll

inlets 8.4k Jul 26, 2021
Group peer to peer video calls for everyone written in Go and TypeScript

Peer Calls v4 WebRTC peer to peer calls for everyone. See it live in action at peercalls.com. The server has been completely rewriten in Go and all th

Peer Calls 947 Jul 25, 2021
A Stable & Secure Tunnel based on KCP with N:M multiplexing and FEC. Available for ARM, MIPS, 386 and AMD64。KCPプロトコルに基づく安全なトンネル。KCP 프로토콜을 기반으로 하는 보안 터널입니다。

Disclaimer: kcptun maintains a single website — github.com/xtaci/kcptun. Any websites other than github.com/xtaci/kcptun are not endorsed by xtaci. Re

xtaci 12.5k Jul 27, 2021
🤘 The native golang ssh client to execute your commands over ssh connection. 🚀🚀

Golang SSH Client. Fast and easy golang ssh client module. Goph is a lightweight Go SSH client focusing on simplicity! Installation ❘ Features ❘ Usage

Mohamed El Bahja 783 Jul 20, 2021
Modern network boot server.

bofied demo.mp4 Modern network boot server. Overview bofied is a network boot server. It provides everything you need to PXE boot a node, from a (prox

Felix Pojtinger 69 Jul 21, 2021