danielmiessler.com Open in urlscan Pro
2606:4700:20::681a:668  Public Scan

Submitted URL: https://danielmiessler.com/study/ngrok/
Effective URL: https://danielmiessler.com/p/ngrok/
Submission: On October 07 via api from SA — Scanned from DE

Form analysis 1 forms found in the DOM

POST /create

<form method="post" action="/create" class="group w-full rounded-wt bg-transparent"><input hidden="" value="" name="ref"><input hidden="" value="" name="bhba"><input hidden="" value="b8069708-7b98-41fd-a003-acac4de204c7" name="visit_token"><input
    type="hidden" value="" name="cf-turnstile-response"><input type="hidden" value="/subscribe?recommendations=true&amp;email=" name="redirect_path"><input type="hidden" value="true" name="sent_from_orchid"><input type="hidden" value="/p/ngrok/"
    name="fallback_path"><input type="hidden" value="false" name="is_recaptcha_enabled"><input type="hidden" value="false" name="double_opt"><input type="hidden" value="true" name="trigger_redirect"><input hidden=""
    value="Oops, something went wrong." name="subscribe_error_message"><input hidden="" value="Subscribed!" name="subscribe_success_message">
  <div class="flex flex-col">
    <div class="flex w-full flex-col items-center sm:flex-row overflow-hidden rounded-lg" style="background-color: rgb(249, 250, 251); border: 2px solid rgb(2, 52, 154);">
      <div class="flex w-full items-center" style="background-color: rgb(249, 250, 251);"><input autocomplete="email" required=""
          class="wt-button-font z-10 w-full border-none bg-transparent placeholder-shown:text-ellipsis text-lg focus:text-lg active:text-lg sm:text-lg" placeholder="Your best email…" type="email" name="email"
          style="font-family: Lora; color: rgb(17, 24, 39);"></div><input class="cursor-pointer px-5 py-3 font-semibold w-full sm:w-auto text-lg focus:text-lg active:text-lg sm:text-lg rounded-lg rounded-none sm:rounded-lg-r" type="submit"
        value="Subscribe" style="background-color: rgb(2, 52, 154); color: rgb(255, 255, 255); font-family: &quot;Noto Sans&quot;;">
    </div>
  </div>
</form>

Text Content

Unsupervised Learning
Categories


NewsletterPodcastAboutBecome a MemberMember PortalSupport
LoginSubscribe


0

 * Unsupervised Learning
 * Posts
 * An Ngrok Tutorial and Primer


AN NGROK TUTORIAL AND PRIMER

June 05, 2019



 1. Introduction

 2. Adding Authentication

 3. HTTPS Listeners

 4. Tunneling SSH

 1. Tunneling RDP

 2. Serving Directories

 3. Summary

 4. TL;DR


INTRODUCTION TO NGROK

This works because Ngrok is calling outbound, and meeting its other side on the
internet.

Ngrok is an application that gives you external (internet) access to your
private systems that are hidden behind NAT or a firewall. It’s basically a super
slick, encrypted TCP tunnel that provides an internet-accessible address that
anyone can get to, and then links the other side of that tunnel to functionality
running local.

Here’s what it does:

 1. You run ngrok from a local system with a service you want to make available
    to people on the internet

 2. Just run the command and give it the protocol you want to use, along with
    the local port it’s listening on

 3. Ngrok then creates an address in the cloud that people can get to

 4. It then connects those two things over an encrypted tunnel, so when you hit
    the Internet address, you land on your local service automagically!

Just because hackers use something doesn’t make it automatically malicious.

Two of the examples they give on the site include: 1) public URLs for sending
previews to clients, and 2) demoing local functionality with external people.

Those use cases are definitely cool, but if you’re in security like I am, the
main benefit is granting external access to internal systems once you’ve, um,
gained access.

Ngrok simplifies what used to require lots of trickery, usually involving SSH.

The other cool thing about Ngrok is that it allows you to see the HTTP traffic
that’s being tunneled over it via a separate interface, which is by default
hosted on http://127.0.0.1:4040. This especially helps the normies that are
using it legitimately for testing and troubleshooting (?).


BASICS

Let’s say you have Apache or Nginx listening on localhost:80.

To start the application in the most basic mode possible, simply invoke it and
tell it the port your local web server is running on.

ngrok http 80

By default Ngrok creates a random subdomain, but you can use the paid version to
custom domains and subdomains.



Ngrok run with basic options

So with this one command you now have a public URL that you can hit from
anywhere in the world—that will then access port 80 on your localhost. That’s
epic.


ADDING AUTHENTICATION

Hand-washing after using the bathroom and a decent password are highly
recommended.

If you’re going to make stuff behind the firewall (that may or may not have been
compromised in some way) available to the internet, you might want to make some
attempt to lock it down. You can do that with the -auth switch.

ngrok http -auth=”youruser:yourpassword” 8181

This will at least make it so that people can’t just walk in the front door.


FORWARDING TO HTTPS SERVERS

This is different than the internet endpoint, which automatically has an HTTP
option.

By default your targets are unencrypted (HTTP), so if you want to send to an
internal server that uses TLS, you’ll have to specify that.

ngrok http https://localhost:8181


TUNNELING SSH

One of the most popular security (ab)use cases.

One of the most flexible things you can do—at least on a Linux-based host—is
give yourself SSH access to the system. Because once you have SSH access you can
do whatever else you need to from there.

Unsupervised Learning — Security, Tech, and AI in 10 minutes…

Get a weekly breakdown of what's happening in security and tech—and why it
matters.



 1. Make sure SSH is running on the localhost, which is usually on port 22.

ngrok tcp 22


TUNNELING RDP

Keep in mind you can do this with any port, e.g., Postgres, MySQL, etc.

Hopefully with SSH and RDP you have authentication already on the landing point,
but that says nothing about the quality of the credentials.

ngrok tcp 3389


SERVING A DIRECTORY

Be careful with this, obviously.

You can also specify a local directory, and have that served via the web
interface. Super slick. Super scary.

ngrok http http -auth=”user:password” file:///Users/daniel/shared


SUMMARY

Ngrok is fantastic because it simplifies external access to internal things
through the magic of outbound connections.

 1. Tell Ngrok what to push up to the internet.

 2. It gives you an internet place to go.

 3. Go there an access the internal resource.

Beautiful.


TL;DR

Always use authentication, especially where the endpoint doesn’t have it
already.


FOR WEB DEVELOPERS WANTING EXTERNAL ACCESS TO AN INTERNAL WEB SERVER:

ngrok http 80


FOR SECURITY TYPES WANTING AN EXTERNAL TUNNEL TO AN INTERNAL RESOURCE:

ngrok tcp 22

Enjoy!


NOTES

 1. The ngrok.io subdomains appear to have decent entropy, but I wonder if
    anyone’s trying to search for unsecured endpoints. Of course they are.

 2. A friend and I were talking about how Ngrok (or any) connections to
    localhost:22 could be a decent IOC signal.

 3. This tutorial will get you started, but the Ngrok documentation is some of
    the best I’ve ever seen on a tool, so more information definitely check that
    out. More

 4. Another thing to consider about Ngrok, similar to third-party VPNs, is that
    Ngrok is closed-source, so you should be aware of what you make available
    through it. It’s not that open-source automatically means secure, but when
    you shouldn’t have extreme trust in a closed-source, free tool that offers
    encrypted tunnels. They could do evil (for whatever reason), get
    compromised, etc. Not a red flag, but a yellow one.


RELATED POSTS:

 1. Masscan Examples: From Installation to Everyday Use

 2. A CrowdSec Primer: A Modern Replacement for Fail2Ban

 3. Recommended

 4. An Information Security Glossary of Terms




Unsupervised Learning

SECURITY | AI | MEANING :: One security-minded AI builder's continuous stream of
original ideas, analysis, tools, and mental models on how to build a successful
and meaningful life in a world full of AI.

Home

Posts

Authors

Account

Upgrade

Newsletter

Newsletter



© 2024 Unsupervised Learning.

Privacy Policy

Terms of Use

Powered by beehiiv