
Add port reuse functionality

Open c3c opened this issue 4 years ago • 0 comments

This pull request allows chisel to reuse ports, based on the functionality implemented in Venom. This will allow chisel to "hijack" an already bound port and start receiving chisel requests on it, forwarding legitimate requests to the hijacked service. Useful for firewall pinholes.

If port reuse is enabled, the chisel server should be bound to the external interface you would like to reuse (with the --host and --port options), while redirecting non-chisel requests to the --backend set by the user.

To explain the changes I made:

  • Added new boolean flag to chisel's server component
  • Modified the reverseProxy Director to inherit the Host header of the request in case the server we're hijacking looks at hostnames.
  • Modified the socket server handler to only look at the Sec-WebSocket-Protocol header and forcibly add the Connection/Upgrade headers. I did this to make chisel work when behind reverse proxies that are not explicitly configured for websockets (in which case the hop-by-hop headers needed for websockets are removed according to RFC 7230, section 6.1). Now that I think of it - I'm not sure if adding these headers also removes the possibly already existing header(?)
  • Use go-reuseport for the listener.

There are a few things at play to determine whether or not this will work: socket security, how sockets are implemented by the target server, which OS you're on, etc. See also the following resources that go in-depth on some of the common cases:

  • https://stackoverflow.com/questions/14388706/how-do-so-reuseaddr-and-so-reuseport-differ
  • https://docs.microsoft.com/en-us/windows/win32/winsock/using-so-reuseaddr-and-so-exclusiveaddruse?redirectedfrom=MSDN

Example invocation (in which e.g. Apache is listening on 0.0.0.0 and has the IP address 1.2.3.4):

chisel.exe server --reuseport --backend http://127.0.0.1 --host 1.2.3.4 --port 80

This should now allow chisel clients to connect to http://1.2.3.4 as well as allow browser visits.

See also @chvancooten's tweet about this.

c3c avatar Jan 17 '21 12:01 c3c