This pull request allows chisel to reuse ports, based on the functionality implemented in Venom. This will allow chisel to "hijack" an already bound port and start receiving chisel requests on it, forwarding legitimate requests to the hijacked service. Useful for firewall pinholes.
If port reuse is enabled, the chisel server should be bound to the external interface you would like to reuse (with the --host and --port options), while redirecting non-chisel requests to the --backend set by the user.
To explain the changes I made:
Sec-WebSocket-Protocol header and forcibly add the Connection/Upgrade headers. I did this to make chisel work when behind reverse proxies that are not explicitly configured for websockets (in which case the hop-by-hop headers needed for websockets are removed according to RFC 7230, section 6.1). Now that I think of it - I'm not sure if adding these headers also removes the possibly already existing header(?)
There are a few things at play to determine whether or not this will work: socket security, how sockets are implemented by the target server, which OS you're on, etc. See also the following resources that go in-depth on some of the common cases:
Example invocation (in which e.g. Apache is listening on 0.0.0.0 and has the IP address 1.2.3.4):
chisel.exe server --reuseport --backend http://127.0.0.1 --host 1.2.3.4 --port 80
This should now allow chisel clients to connect to http://1.2.3.4 as well as allow browser visits.
See also @chvancooten's tweet about this.
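For defenders, the layout in the example invocation (one process listening on 0.0.0.0:80, a second process listening on 1.2.3.4:80) can be looked for in a host's listener table. The sketch below is an added example, not code from this pull request or from chisel; it assumes both listeners appear in Windows `netstat -ano -p TCP` output, and the sample text and PIDs are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the layout of Windows `netstat -ano -p TCP` output.
# PIDs are invented; 1.2.3.4:80 mirrors the example invocation above.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4312
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    1.2.3.4:80             0.0.0.0:0              LISTENING       9120
  TCP    1.2.3.4:80             5.6.7.8:50123          ESTABLISHED     9120
  TCP    127.0.0.1:5000         0.0.0.0:0              LISTENING       7001
"""

def parse_listeners(text):
    """Return {port: {(ip, pid), ...}} for IPv4 TCP sockets in LISTENING state."""
    listeners = defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        host, _, port = fields[1].rpartition(":")
        try:
            ip = ipaddress.IPv4Address(host)
        except ipaddress.AddressValueError:
            continue  # IPv6 listeners such as [::]:80 are out of scope here
        listeners[int(port)].add((ip, int(fields[4])))
    return listeners

def find_shadowed_ports(text):
    """Flag ports where a wildcard (0.0.0.0) listener and a specific-address
    listener are owned by different PIDs."""
    findings = []
    for port, socks in sorted(parse_listeners(text).items()):
        wildcard = {pid for ip, pid in socks if ip.is_unspecified}
        specific = {(str(ip), pid) for ip, pid in socks if not ip.is_unspecified}
        for ip, pid in sorted(specific):
            others = sorted(wildcard - {pid})
            if others:
                findings.append({"port": port, "specific": ip,
                                 "specific_pid": pid, "wildcard_pids": others})
    return findings

if __name__ == "__main__":
    for finding in find_shadowed_ports(SAMPLE):
        print(finding)
```

A hit is a lead rather than a verdict: some deployments deliberately run separate services per address, so the flagged PID still has to be resolved to its executable and owner.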