What is ngrok ?
We all know that ngrok is a free tools for sharing projects created in localhost online. Access to all functions of the program we have from the command line. ngrok exposes local networked services behinds NATs and firewalls to the public internet over a secure tunnel.
It is an application for securely tunneling our local port/services from a public url or we can say public network.
How it works ?
It connects to the ngrok cloud service which accepts traffic on a public address and relays that traffic through to the ngrok process running on your machine and then on to the local address you specified.
Benefits of ngrok.
We don’t need to configure port forwarding on your routers or waste time setting up dynamic DNS solutions like No-IP.
we can tunnel almost every TCP connection.
We can protect the access by providing creds like password & share only with the desired person/client.
Ngrok does not log or store any data transmitted through our tunneled connections.
NOTE : It actually generates a public url randomly and if we want to add custom url then we need to buy basic/pro version for custom domain [Example https://m06a4y92.ngrok.io]
How NGROK plays a vital role in phishing ?
We all know that phishing is a method or way to steal credentials like usernames,passwords or credit/debit card details. By default ngrok securely tunnels our communication using TLS/SSL but beginners or we can say novice usually trust HTTPS more. Using ngrok see below that how we can abuse it or how hackers usually abuse it with social engineering skills.
As you can see the above phishing page of Facebook, it’s using HTTPS. For a novice user, it’s a secure site, to them secure means legitimate site. The moment they input username & password it will be delivered to attackers machine in clear text.
How to install NGROK on your GNU/Linux distribution based on debian.
Go to the website : www.ngrok.com
Downlaod the zip folder and extract it on your system
Now go to the location of extracted file with the help of Terminal
Now to run ngrok type the following commands given below
./ngrok http 80
This command will start your session in ngrok and your local host is ready to communicate with outside or public network. After coming online in ngrok your system not only can communicate within your network but also outside the network that is public network.
Just copy the link from ngrok commandline interface and make it as your local host address for public networks.
Note : if you are using your mobile network to access internet and you don't have access to router for opening the ports then this tool is best replacement for the same.
We all know that ngrok is a free tools for sharing projects created in localhost online. Access to all functions of the program we have from the command line. ngrok exposes local networked services behinds NATs and firewalls to the public internet over a secure tunnel.
It is an application for securely tunneling our local port/services from a public url or we can say public network.
How it works ?
It connects to the ngrok cloud service which accepts traffic on a public address and relays that traffic through to the ngrok process running on your machine and then on to the local address you specified.
Benefits of ngrok.
We don’t need to configure port forwarding on your routers or waste time setting up dynamic DNS solutions like No-IP.
we can tunnel almost every TCP connection.
We can protect the access by providing creds like password & share only with the desired person/client.
Ngrok does not log or store any data transmitted through our tunneled connections.
NOTE : It actually generates a public url randomly and if we want to add custom url then we need to buy basic/pro version for custom domain [Example https://m06a4y92.ngrok.io]
How NGROK plays a vital role in phishing ?
We all know that phishing is a method or way to steal credentials like usernames,passwords or credit/debit card details. By default ngrok securely tunnels our communication using TLS/SSL but beginners or we can say novice usually trust HTTPS more. Using ngrok see below that how we can abuse it or how hackers usually abuse it with social engineering skills.
As you can see the above phishing page of Facebook, it’s using HTTPS. For a novice user, it’s a secure site, to them secure means legitimate site. The moment they input username & password it will be delivered to attackers machine in clear text.
How to install NGROK on your GNU/Linux distribution based on debian.
Go to the website : www.ngrok.com
Downlaod the zip folder and extract it on your system
Now go to the location of extracted file with the help of Terminal
Now to run ngrok type the following commands given below
./ngrok http 80
This command will start your session in ngrok and your local host is ready to communicate with outside or public network. After coming online in ngrok your system not only can communicate within your network but also outside the network that is public network.
Just copy the link from ngrok commandline interface and make it as your local host address for public networks.
Note : if you are using your mobile network to access internet and you don't have access to router for opening the ports then this tool is best replacement for the same.
No comments:
Post a Comment