What is Chisel — Fast TCP/UDP Tunnel Over HTTP and SSH?

Chisel is a single-binary tool written in Go that creates encrypted tunnels for TCP and UDP traffic over HTTP or SSH. It works through firewalls and proxies, making it useful for accessing internal services, bypassing NAT, and securing connections without a full VPN.

Is Chisel — Fast TCP/UDP Tunnel Over HTTP and SSH free to use?

Yes. Chisel — Fast TCP/UDP Tunnel Over HTTP and SSH is freely available on TokRepo. Check the Source & Thanks section on the asset page for the specific open-source license.

How do I install Chisel — Fast TCP/UDP Tunnel Over HTTP and SSH?

Visit the asset page on TokRepo and click "Copy for agent" to get the installation instructions. Most assets can be installed with a single command.

Chisel — Fast TCP/UDP Tunnel Over HTTP and SSH

Introduction

Chisel is a Go-based tunneling tool that encapsulates TCP and UDP connections inside HTTP WebSockets or SSH. It is distributed as a single static binary with no dependencies, making it easy to deploy on servers, containers, or embedded devices for secure port forwarding through restrictive networks.

What Chisel Does

Creates forward and reverse TCP/UDP tunnels over HTTP or HTTPS
Works through corporate proxies and firewalls that allow outbound HTTP
Authenticates clients with username and password or fingerprint verification
Supports SOCKS5 proxy mode for dynamic port forwarding
Encrypts all traffic via SSH inside the HTTP connection

Architecture Overview

Chisel upgrades an HTTP connection to a WebSocket, then runs an SSH session over that WebSocket. The SSH layer handles multiplexing, encryption, and channel management. Tunnels are defined as local-to-remote or remote-to-local port mappings. The server listens on a single HTTP port and can run behind a reverse proxy or CDN for additional obfuscation.

Self-Hosting & Configuration

Download the single binary from GitHub Releases for Linux, macOS, or Windows
Run chisel server --port 8080 on the public-facing host
Start the client with tunnel definitions like R:remote_port:local_host:local_port
Add --auth user:pass on both server and client for authentication
Supports --reverse on the server to allow clients to open listening ports

Key Features

Single static binary with zero runtime dependencies
Works through HTTP proxies and CONNECT-capable firewalls
Supports both TCP and UDP tunneling
Built-in SOCKS5 proxy for dynamic forwarding
Auto-reconnect with exponential backoff on the client side

Comparison with Similar Tools

SSH port forwarding — Requires an SSH server; Chisel tunnels over HTTP, passing through web proxies
ngrok / localtunnel — HTTP-only tunnels; Chisel supports arbitrary TCP and UDP
WireGuard — Full mesh VPN; Chisel is lighter and targets specific port-forwarding use cases
bore — Minimal Rust tunnel; Chisel adds authentication, SOCKS5, and UDP support

FAQ

Q: Can Chisel tunnel UDP traffic? A: Yes. Prefix the tunnel definition with udp/ to tunnel UDP instead of TCP.

Q: Does Chisel work behind a corporate HTTP proxy? A: Yes. Use the --proxy flag on the client to route through an HTTP CONNECT proxy.

Q: Is the traffic encrypted? A: Yes. All traffic is encrypted via SSH, which runs inside the HTTP WebSocket connection.

Q: Can I run multiple tunnels on a single Chisel connection? A: Yes. Specify multiple tunnel definitions on the client command line; they all share one multiplexed connection.

Chisel — Fast TCP/UDP Tunnel Over HTTP and SSH

Introduction

What Chisel Does

Architecture Overview

Self-Hosting & Configuration

Key Features

Comparison with Similar Tools

FAQ

Sources

Fil de discussion

Actifs similaires

OpenBao — Community-Driven Open Source Secrets Manager

Piku — The Tiniest PaaS for Git-Push Deployments

netboot.xyz — Network Boot Any Operating System from a Single Menu