In this post I will show you how to expose web services with one command using ngrok.
ngrok is a simplified API-first ingress-as-a-service that adds connectivity, security, and observability to your apps with no code changes.
Here is how you can use ngrok:
* Enrich requests with Geo Location
$ ngrok http 80 --request-header-add "country: \${.ngrok.geo.country_code}"
* Enforce IP Restrictions
$ ngrok http 80 --cidr-allow $(curl http://ifconfig.me/ip)/32
* Add OIDC/SAML Single Sign On
$ ngrok http 80 --oidc=https://myorg.okta.com --oidc-client-id=[id] --oidc-client-secret=[secret]
* Add OAuth Authorization
$ ngrok http 80 --oauth=google --oauth-allow-domain=[domain.com]
*Improve header security
$ ngrok http 80 --response-header-add "content-security-policy: self;"
* Verify Webhook Signatures
$ ngrok http 80 --verify-webhook=slack --verify-webhook-secret=[secret]
* Enable SSH Access
$ ngrok tcp 22
* Serve local files
$ ngrok http "file://$(pwd)"
* Add Mutual TLS Authentication
$ ngrok http 80 --mutual-tls-cas=[root-ca.pem]
Source : https://ngrok.com/product
Installation
1. Go to https://ngrok.com/ and sign up for a new account. This will allow you to get an Authtoken you can add in your configuration when installing ngrok and have access to more functionalities and longer session times.
2. Generate your Authtoken
3. Download ngrok according to your OS
4. If you are in Mac OS or linux, unzip ngrok from a terminal with the following command. On Windows, just double click ngrok.zip to extract it.
$ sudo tar -xvf ngrok-v3-stable-linux-amd64.tgz
5. Connect your account by adding your authtoken to the default ngrok.yml configuration file.
6. Make sure ngrok is sent to the bin folder in order for you to run it from everywhere
$ sudo mv ngrok /usr/local/bin
7. ngrok is installed and now you can check on the capabilities reading the help file.
$ ngrok help
Now we can start using ngrok 😃
Exposing Web Services
We are going to use ngrok to temporarily grant access to someone to our web app by generating a random URL. It’s best to assume that anyone could access our app while the tunnel is open. So please make sure to “delete all files” option while your tunnel is active.Fire a terminal and write the following command
$ ./ngrok http 4040
Error 8012
Please make sure that ngrok is on the correct port to expose your web app. (Otherwise you can click on "Get help with this error")
Now you have ngrok up and running and your application is exposed to the world
You can monitor the requests from the terminal as well. A tunnel is opened from the localhost and it is being forwarded to a secure URL randomly generated.
And check on localhost for the configuration
On a later post I will show you how to use ngrok for post-exploitation 😉
Let me know if this was useful and thank you for sharing.
No comments:
Post a Comment