danielmiessler.com
Open in
urlscan Pro
2606:4700:20::681a:668
Public Scan
Submitted URL: https://danielmiessler.com/study/ngrok/
Effective URL: https://danielmiessler.com/p/ngrok/
Submission: On October 07 via api from SA — Scanned from DE
Effective URL: https://danielmiessler.com/p/ngrok/
Submission: On October 07 via api from SA — Scanned from DE
Form analysis
1 forms found in the DOMPOST /create
<form method="post" action="/create" class="group w-full rounded-wt bg-transparent"><input hidden="" value="" name="ref"><input hidden="" value="" name="bhba"><input hidden="" value="b8069708-7b98-41fd-a003-acac4de204c7" name="visit_token"><input
type="hidden" value="" name="cf-turnstile-response"><input type="hidden" value="/subscribe?recommendations=true&email=" name="redirect_path"><input type="hidden" value="true" name="sent_from_orchid"><input type="hidden" value="/p/ngrok/"
name="fallback_path"><input type="hidden" value="false" name="is_recaptcha_enabled"><input type="hidden" value="false" name="double_opt"><input type="hidden" value="true" name="trigger_redirect"><input hidden=""
value="Oops, something went wrong." name="subscribe_error_message"><input hidden="" value="Subscribed!" name="subscribe_success_message">
<div class="flex flex-col">
<div class="flex w-full flex-col items-center sm:flex-row overflow-hidden rounded-lg" style="background-color: rgb(249, 250, 251); border: 2px solid rgb(2, 52, 154);">
<div class="flex w-full items-center" style="background-color: rgb(249, 250, 251);"><input autocomplete="email" required=""
class="wt-button-font z-10 w-full border-none bg-transparent placeholder-shown:text-ellipsis text-lg focus:text-lg active:text-lg sm:text-lg" placeholder="Your best email…" type="email" name="email"
style="font-family: Lora; color: rgb(17, 24, 39);"></div><input class="cursor-pointer px-5 py-3 font-semibold w-full sm:w-auto text-lg focus:text-lg active:text-lg sm:text-lg rounded-lg rounded-none sm:rounded-lg-r" type="submit"
value="Subscribe" style="background-color: rgb(2, 52, 154); color: rgb(255, 255, 255); font-family: "Noto Sans";">
</div>
</div>
</form>
Text Content
Unsupervised Learning Categories NewsletterPodcastAboutBecome a MemberMember PortalSupport LoginSubscribe 0 * Unsupervised Learning * Posts * An Ngrok Tutorial and Primer AN NGROK TUTORIAL AND PRIMER June 05, 2019 1. Introduction 2. Adding Authentication 3. HTTPS Listeners 4. Tunneling SSH 1. Tunneling RDP 2. Serving Directories 3. Summary 4. TL;DR INTRODUCTION TO NGROK This works because Ngrok is calling outbound, and meeting its other side on the internet. Ngrok is an application that gives you external (internet) access to your private systems that are hidden behind NAT or a firewall. It’s basically a super slick, encrypted TCP tunnel that provides an internet-accessible address that anyone can get to, and then links the other side of that tunnel to functionality running local. Here’s what it does: 1. You run ngrok from a local system with a service you want to make available to people on the internet 2. Just run the command and give it the protocol you want to use, along with the local port it’s listening on 3. Ngrok then creates an address in the cloud that people can get to 4. It then connects those two things over an encrypted tunnel, so when you hit the Internet address, you land on your local service automagically! Just because hackers use something doesn’t make it automatically malicious. Two of the examples they give on the site include: 1) public URLs for sending previews to clients, and 2) demoing local functionality with external people. Those use cases are definitely cool, but if you’re in security like I am, the main benefit is granting external access to internal systems once you’ve, um, gained access. Ngrok simplifies what used to require lots of trickery, usually involving SSH. The other cool thing about Ngrok is that it allows you to see the HTTP traffic that’s being tunneled over it via a separate interface, which is by default hosted on http://127.0.0.1:4040. This especially helps the normies that are using it legitimately for testing and troubleshooting (?). BASICS Let’s say you have Apache or Nginx listening on localhost:80. To start the application in the most basic mode possible, simply invoke it and tell it the port your local web server is running on. ngrok http 80 By default Ngrok creates a random subdomain, but you can use the paid version to custom domains and subdomains. Ngrok run with basic options So with this one command you now have a public URL that you can hit from anywhere in the world—that will then access port 80 on your localhost. That’s epic. ADDING AUTHENTICATION Hand-washing after using the bathroom and a decent password are highly recommended. If you’re going to make stuff behind the firewall (that may or may not have been compromised in some way) available to the internet, you might want to make some attempt to lock it down. You can do that with the -auth switch. ngrok http -auth=”youruser:yourpassword” 8181 This will at least make it so that people can’t just walk in the front door. FORWARDING TO HTTPS SERVERS This is different than the internet endpoint, which automatically has an HTTP option. By default your targets are unencrypted (HTTP), so if you want to send to an internal server that uses TLS, you’ll have to specify that. ngrok http https://localhost:8181 TUNNELING SSH One of the most popular security (ab)use cases. One of the most flexible things you can do—at least on a Linux-based host—is give yourself SSH access to the system. Because once you have SSH access you can do whatever else you need to from there. Unsupervised Learning — Security, Tech, and AI in 10 minutes… Get a weekly breakdown of what's happening in security and tech—and why it matters. 1. Make sure SSH is running on the localhost, which is usually on port 22. ngrok tcp 22 TUNNELING RDP Keep in mind you can do this with any port, e.g., Postgres, MySQL, etc. Hopefully with SSH and RDP you have authentication already on the landing point, but that says nothing about the quality of the credentials. ngrok tcp 3389 SERVING A DIRECTORY Be careful with this, obviously. You can also specify a local directory, and have that served via the web interface. Super slick. Super scary. ngrok http http -auth=”user:password” file:///Users/daniel/shared SUMMARY Ngrok is fantastic because it simplifies external access to internal things through the magic of outbound connections. 1. Tell Ngrok what to push up to the internet. 2. It gives you an internet place to go. 3. Go there an access the internal resource. Beautiful. TL;DR Always use authentication, especially where the endpoint doesn’t have it already. FOR WEB DEVELOPERS WANTING EXTERNAL ACCESS TO AN INTERNAL WEB SERVER: ngrok http 80 FOR SECURITY TYPES WANTING AN EXTERNAL TUNNEL TO AN INTERNAL RESOURCE: ngrok tcp 22 Enjoy! NOTES 1. The ngrok.io subdomains appear to have decent entropy, but I wonder if anyone’s trying to search for unsecured endpoints. Of course they are. 2. A friend and I were talking about how Ngrok (or any) connections to localhost:22 could be a decent IOC signal. 3. This tutorial will get you started, but the Ngrok documentation is some of the best I’ve ever seen on a tool, so more information definitely check that out. More 4. Another thing to consider about Ngrok, similar to third-party VPNs, is that Ngrok is closed-source, so you should be aware of what you make available through it. It’s not that open-source automatically means secure, but when you shouldn’t have extreme trust in a closed-source, free tool that offers encrypted tunnels. They could do evil (for whatever reason), get compromised, etc. Not a red flag, but a yellow one. RELATED POSTS: 1. Masscan Examples: From Installation to Everyday Use 2. A CrowdSec Primer: A Modern Replacement for Fail2Ban 3. Recommended 4. An Information Security Glossary of Terms Unsupervised Learning SECURITY | AI | MEANING :: One security-minded AI builder's continuous stream of original ideas, analysis, tools, and mental models on how to build a successful and meaningful life in a world full of AI. Home Posts Authors Account Upgrade Newsletter Newsletter © 2024 Unsupervised Learning. Privacy Policy Terms of Use Powered by beehiiv