
NGROK 101

BugBase
June 2nd 2022.

WHAT IS NGROK?

Ngrok is a cross-platform program that uses the Internet to expose local server ports. It lets you spend more time programming: one command gives you a secure, immediate URL to your localhost server through any NAT or firewall. The ngrok client software is available for Windows, macOS, and Linux.

Assume you were working on a few web pages and wanted to demonstrate them to your company, but you didn't have all of the necessary infrastructure.

During the development process, you may need to demonstrate to someone what you're working on and what you've already accomplished. The first thought that comes to mind is to use a cheap hosting service to install your program, but this costs money and takes time. When working on your own project, the same scenario may happen: you might need to be able to receive requests when integrating external services into your code.

In such instances, a service that builds tunnels to localhost is required, and ngrok is one of the most often used.

WHAT MIGHT NGROK BE USED FOR?

Ngrok is a legitimate tool with a valid function. It provides a simple way to rapidly expose a local server to the Internet.

Hackers, as usual, take a utility's legitimate function and repurpose it for evil. While ngrok has been used by malicious actors in the past, we hope this look at ngrok tunneling shows it in a fresh light.

Open access to any graphical-interface remote control, including public-facing RDP, might be disastrous for a corporation. Hackers use it for persistence in this scenario, but they may also use it to prolong their campaign, exfiltrate data, perform additional lateral movement, and more. After all, it is remote access: command and control with a full desktop session on the open Internet, readily waiting for hackers anywhere in the world.

What is Conhost.exe?

Conhost.exe is a process that is normally created by command shells like PowerShell or cmd.exe, so if an analyst was only looking at a process tree and didn't notice any command-line inputs, this may appear harmless.

However, the command-line options show that this is not the genuine conhost.exe. It is ngrok posing as conhost.exe: simply a renamed file.

The ngrok application would normally take such command-line inputs to specify a configuration file and region. Those options let you provide a configuration file other than the default, as well as the region where the ngrok client will connect to host its tunnels.
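One way to turn that observation into a check, as an added example that is not part of the original post: it flags process-creation events named conhost.exe whose path or arguments look like the ngrok client. The event field names, sample events and file paths are constructed, and it assumes the genuine conhost.exe runs only from C:\Windows\System32.

```python
import re
from pathlib import PureWindowsPath

# Assumption: the genuine console host runs only from this directory.
LEGIT_DIR = r"c:\windows\system32"
# ngrok client options for a configuration file and a region
# (single dash in older clients, double dash in newer ones).
NGROK_OPTION = re.compile(r"(?<!\S)--?(config|region)(?=[=\s]|$)", re.I)
# ngrok subcommands that open tunnels.
NGROK_SUBCOMMAND = re.compile(r"(?<!\S)(http|tcp|tls|start)(?!\S)", re.I)

# Constructed process-creation events (field names are hypothetical).
EVENTS = [
    {"image": r"C:\Windows\System32\conhost.exe",
     "command_line": r"\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1"},
    {"image": r"C:\ProgramData\conhost.exe",
     "command_line": r"conhost.exe start --all --config C:\ProgramData\c.yml --region eu"},
    {"image": r"C:\Windows\System32\notepad.exe",
     "command_line": r"notepad.exe C:\Users\dev\config.txt"},
]


def check_conhost(event):
    """Return the reasons a conhost.exe event looks like a renamed ngrok client."""
    image = PureWindowsPath(event["image"])
    if image.name.lower() != "conhost.exe":
        return []
    cmd = event["command_line"]
    reasons = []
    if str(image.parent).lower() != LEGIT_DIR:
        reasons.append("conhost.exe running outside System32")
    options = sorted({m.group(1).lower() for m in NGROK_OPTION.finditer(cmd)})
    if options:
        reasons.append("ngrok-style options: " + ", ".join(options))
    if NGROK_SUBCOMMAND.search(cmd):
        reasons.append("tunnel subcommand present")
    return reasons


def scan(events):
    """Map each flagged image path to its list of reasons."""
    return {e["image"]: r for e in events if (r := check_conhost(e))}


if __name__ == "__main__":
    for image, reasons in scan(EVENTS).items():
        print(image, "->", "; ".join(reasons))
```

The argument checks still fire when the renamed binary is dropped into System32, which is why the path test alone is not relied on.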

WHAT ARE NGROK SECURE TUNNELS?

Using ngrok Secure Tunnels, you may quickly gain access to distant systems without having to change any network settings or open any ports on your router. This means your development box, IoT device, or just about anything else with an internet connection will have a safe, dependable tunnel.

When you use ngrok Secure Tunnels, you may treat any device as if it were local, even if it's on the other side of the world.

Some examples of the tunnels used are:

  • HTTP Tunnels: Using ngrok HTTP tunnels, you may rapidly and efficiently expose services that speak HTTP. Websites, RESTful APIs, web servers, WebSockets, and other services are among them. It's as simple as typing ngrok http 80, or whatever local port your service is listening on.
  • TLS Tunnels: HTTPS tunnels use ngrok.com certificates to terminate all TLS (SSL) traffic at the ngrok.com servers. For production-grade services, your tunneled traffic should be encrypted with your own TLS key and certificate. With TLS tunnels, ngrok makes this extremely simple.
  • TCP Tunnels: Not all of the services you want to offer use HTTP or TLS. TCP tunnels from ngrok let you expose any networked service that uses TCP. SSH, gaming servers, databases, and other services are routinely exposed via this method.

CONCLUSION

The first prototype for ngrok was committed on March 20th, 2013.

Ngrok creates a secure connection tunnel that can only send data to the localhost port you have open. It would be tough to cause any harm, provided the program you're exposing is itself secure. This makes ngrok a reliable and safe localhost tunneling service, which explains its popularity.

What is BugBase?

BugBase is a curated marketplace for ethical hackers that helps businesses and startups set up bug bounty programs. It is India's first consolidated bug bounty platform, which assists organizations in staying safe by providing an all-in-one platform for continuous and comprehensive security testing.

Through BugBase, registering and setting up your organisation's bug bounty program is a breeze. We also provide hackers and security professionals with a platform to connect directly with organizations that have set up bug bounty programs and get rewarded for the risks and vulnerabilities they find.

Thank you for being part of our BugFam! Stay up to date on our latest posts and hope you had a great week!

Join our discord community for regular updates and much more fun!!


Cheers,

BugBase Team
