chisel
A fast TCP/UDP tunnel over HTTP
Chisel is a single-file networking tool that punches an encrypted tunnel through firewalls and corporate proxies by disguising traffic as ordinary web requests.
Chisel is a small networking tool that creates a tunnel between two machines, letting traffic that would normally be blocked travel between them by disguising it as ordinary web traffic. The README describes it as a fast TCP/UDP tunnel transported over HTTP and secured via SSH. It ships as a single executable that acts as either the server or the client depending on the subcommand you run.
The idea is to deal with a common annoyance: you have a service running somewhere, but a firewall or a corporate proxy stands between you and it. Chisel works around that by carrying the real connection inside an HTTP session, which most networks allow. To stop anyone in the middle from listening in, the inner channel is encrypted using the SSH protocol. The server listens on a normal HTTP port and the client connects to it, after which the client can forward local ports to remote ones or, in reverse mode, forward server-side ports out through the client. Multiple tunnel endpoints can share one TCP connection. Optional extras include authentication via a users config file, fingerprint matching, SOCKS5 proxying in either direction, the ability for the server to double as a plain reverse proxy so Chisel hides in plain sight, automatic reconnect with exponential backoff, and TLS with auto-issued certificates via Let's Encrypt.
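The users config file mentioned above is where tunnel access gets scoped, so it is worth auditing for patterns that grant more than intended. The Go program below is an added example, not code from the Chisel project. It assumes the file is a JSON object mapping "user:pass" to a list of address regular expressions, matched unanchored against "host:port" (or "R:interface:port" for reverse forwards); the sample file, the probe addresses and the `Audit` function are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Constructed sample users file (assumed layout: "user:pass" -> address regexes).
const sampleUsers = `{
  "admin:CHANGE-ME": [""],
  "dev:CHANGE-ME":   ["0.0.0.0:3000"],
  "ops:CHANGE-ME":   ["^0.0.0.0:3000$", "^R:0.0.0.0:7000$"]
}`

// Constructed probe addresses that no narrowly scoped user should be granted:
// a different host and port, and a reverse forward on an unrelated port.
var probes = []string{"10.0.0.0:30001", "R:0.0.0.0:22"}

// Audit returns one sorted finding per (user, pattern, probe) where the
// pattern matches a probe address, i.e. the rule is broader than it looks.
func Audit(usersJSON string, probes []string) ([]string, error) {
	var users map[string][]string
	if err := json.Unmarshal([]byte(usersJSON), &users); err != nil {
		return nil, err
	}
	var findings []string
	for cred, patterns := range users {
		name := strings.SplitN(cred, ":", 2)[0] // never echo the password part
		for _, p := range patterns {
			re, err := regexp.Compile(p)
			if err != nil {
				return nil, fmt.Errorf("user %s: bad pattern %q: %w", name, p, err)
			}
			for _, addr := range probes {
				if re.MatchString(addr) { // unanchored match (assumption stated above)
					findings = append(findings, fmt.Sprintf("%s: %q allows %s", name, p, addr))
				}
			}
		}
	}
	sort.Strings(findings) // map iteration order is random; keep output stable
	return findings, nil
}

func main() {
	findings, _ := Audit(sampleUsers, probes)
	fmt.Println(strings.Join(findings, "\n"))
}
```

The empty pattern and the unanchored `0.0.0.0:3000` both match the probes, while the `^...$` forms do not.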
Someone would reach for Chisel to expose a development server behind a corporate firewall, give a remote helper access to a machine on a private network, or bridge two networks for a quick test. It is written in Go and distributed as prebuilt binaries, a Docker image, a Fedora RPM package, and via go install.
Where it fits
- Expose a local development server to a remote colleague when both are behind separate corporate firewalls.
- Give a remote helper temporary SSH-secured access to a service running on a private home or office network.
- Bridge two isolated networks quickly for testing without setting up a full VPN.
- Use SOCKS5 proxying through Chisel to route browser traffic securely over an untrusted network.