ngrok : Web Services Exposed with ONE COMMAND - blackgem


Monday, January 16, 2023

ngrok : Web Services Exposed with ONE COMMAND


In this post I will show you how to expose web services with one command using ngrok.

ngrok is a simplified API-first ingress-as-a-service that adds connectivity, security, and observability to your apps with no code changes.

Here is how you can use ngrok:

* Enrich requests with Geo Location
$ ngrok http 80 --request-header-add "country: \${.ngrok.geo.country_code}"

* Enforce IP Restrictions
$ ngrok http 80 --cidr-allow $(curl http://ifconfig.me/ip)/32

* Add OIDC/SAML Single Sign On
$ ngrok http 80 --oidc=https://myorg.okta.com --oidc-client-id=[id] --oidc-client-secret=[secret]

* Add OAuth Authorization
$ ngrok http 80 --oauth=google --oauth-allow-domain=[domain.com]

* Improve header security
$ ngrok http 80 --response-header-add "content-security-policy: default-src 'self'"

* Verify Webhook Signatures
$ ngrok http 80 --verify-webhook=slack --verify-webhook-secret=[secret]

* Enable SSH Access 
$ ngrok tcp 22

* Serve local files
$ ngrok http "file://$(pwd)"

* Add Mutual TLS Authentication 
$ ngrok http 80 --mutual-tls-cas=[root-ca.pem]
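
The "Enforce IP Restrictions" one-liner above passes whatever the lookup returns straight into --cidr-allow. The script below is an added example (not from the original post or from ngrok) that validates the result before it reaches ngrok. The function names are hypothetical, and it assumes ifconfig.me also answers over HTTPS.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: the helper names
# below are hypothetical, and ifconfig.me is reachable over HTTPS.

# Print "<ip>/32" if $1 is a well-formed, publicly routable IPv4 address;
# return 1 for anything else (HTML error page, empty reply, private range).
to_allow_cidr() {
  ip=$1
  case $ip in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # only digits and single dots
  esac
  old_ifs=$IFS; IFS=.
  set -- $ip                               # split into octets $1..$4
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case $octet in 0?*) return 1 ;; esac   # no ambiguous leading zeros
    [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
  # Addresses in these ranges are not what ngrok sees as the client source,
  # so allow-listing them would lock you out or mean the lookup was wrong.
  case $1 in 0|10|127) return 1 ;; esac
  if [ "$1" -eq 169 ] && [ "$2" -eq 254 ]; then return 1; fi
  if [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; then return 1; fi
  if [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; then return 1; fi
  if [ "$1" -ge 224 ]; then return 1; fi
  printf '%s/32\n' "$ip"
}

# Look up the public IP, validate it, then open the tunnel for that /32 only.
start_restricted_tunnel() {
  port=${1:-80}
  lookup=$(curl -fsS --max-time 10 https://ifconfig.me/ip) || return 1
  cidr=$(to_allow_cidr "$lookup") || {
    echo "refusing to start: IP lookup did not return a public IPv4" >&2
    return 1
  }
  ngrok http "$port" --cidr-allow "$cidr"
}

# Only touches the network when invoked as: sh script.sh --run [port]
if [ "${1:-}" = "--run" ]; then
  start_restricted_tunnel "${2:-80}"
fi
```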


Installation


1. Go to https://ngrok.com/ and sign up for a new account. This gives you an authtoken to add to your configuration when installing ngrok, which unlocks more functionality and longer session times.


2. Generate your Authtoken 



3. Download ngrok according to your OS 



4. If you are on macOS or Linux, extract ngrok from a terminal with the following command. On Windows, just double-click ngrok.zip to extract it.

$ sudo tar -xvf ngrok-v3-stable-linux-amd64.tgz

5. Connect your account by adding your authtoken to the default ngrok.yml configuration file. The authtoken is a credential for your account, so keep it out of screenshots and shared command history.

$ ./ngrok config add-authtoken [authtoken]


6. Move ngrok into a directory on your PATH so you can run it from anywhere.

$ sudo mv ngrok /usr/local/bin

7. ngrok is now installed, and you can review its capabilities by reading the built-in help.

$ ngrok help

Now we can start using ngrok 😃

Exposing Web Services

We are going to use ngrok to temporarily grant someone access to our web app by generating a random URL. It’s best to assume that anyone could access our app while the tunnel is open. So please make sure to “delete all files” option while your tunnel is active.

Open a terminal and run the following command:

$ ngrok http 4040

Error 8012


Please make sure that ngrok is pointed at the port your web app is actually listening on. (Otherwise you can click on "Get help with this error".)



Now you have ngrok up and running and your application is exposed to the world.


You can monitor the requests from the terminal as well. A tunnel is opened from localhost and forwarded to a randomly generated secure URL.



You can also check the configuration on localhost.



In a later post I will show you how to use ngrok for post-exploitation 😉


Let me know if this was useful and thank you for sharing. 
