Last weekend my team c4t_fl4g.txt participated in zh3r0 CTF and got 32nd rank overall. It was a huge achievement for our team, since all the members are fairly new to the field. During this competition I came across a really cool tool, ngrok.
The very first impression was, where the hell was it all this time. The basic functionality of the tool is that it forwards your localhost server to the public internet, so you don't need the hassle of trying to host your website on any platform. Just start your server locally, start ngrok for the same port, and boom, you have a website on the link provided by ngrok.
How to set it up
It's a single command setup. First create an account on the official page. You can download the executable from the official page. Once you have downloaded the executable, just run the below command.
ngrok authtoken {your_authtoken}
You can find your authtoken on your ngrok profile.
Running ngrok
To run ngrok you just need to specify the protocol and the port number.
ngrok {protocol} {port_no}
protocol ⇒ http, tcp, tls
To get https you can use its default port, i.e. 443.
You can also specify a custom domain that you would like for the url
ngrok http -subdomain=noice 4444
If you want to set up authentication for your tunnel then you can do that too.
ngrok http -auth="username:password" 8080
ngrok also gives you the ability to forward servers that are not hosted locally. For example, if your website is hosted on 192.168.1.1 then you can forward that too.
ngrok http 192.168.1.1:8080
ngrok also provides a web interface at 127.0.0.1:4040 where you can see the requests that are being made to your server. It is quite handy when you want to analyze a request, especially when you are playing Capture the Flag competitions.
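The same local port also serves the agent's JSON API, which makes it easy to check what you are currently exposing. The script below is an added example, not part of the original post: it reads the tunnel list and flags tunnels reachable over plain HTTP or forwarding a host other than your own machine (like the 192.168.1.1 case above). The `/api/tunnels` path and the field names used are assumptions based on the ngrok agent API, and the sample data is constructed.

```python
import ipaddress
import json
import urllib.request
from urllib.parse import urlsplit

API = "http://127.0.0.1:4040/api/tunnels"  # assumed: agent API on the web UI port

# Constructed sample of the API response, so the audit also runs offline.
SAMPLE = json.loads("""
{"tunnels": [
  {"name": "web", "proto": "https", "public_url": "https://noice.ngrok.io", "config": {"addr": "http://localhost:4444"}},
  {"name": "web (http)", "proto": "http", "public_url": "http://noice.ngrok.io", "config": {"addr": "http://localhost:4444"}},
  {"name": "lan", "proto": "https", "public_url": "https://constructed.ngrok.io", "config": {"addr": "http://192.168.1.1:8080"}}
]}
""")

def upstream_host(addr):
    """Host part of a tunnel's upstream; accepts a URL, 'host:port' or a bare port."""
    if addr.isdigit():
        return "localhost"  # a bare port means the local machine
    return urlsplit(addr if "://" in addr else "//" + addr).hostname or "localhost"

def is_loopback(host):
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other hostname is treated as not local

def audit_tunnels(api_json):
    """Return (public_url, upstream, [flags]) for every active tunnel."""
    report = []
    for t in api_json.get("tunnels", []):
        addr = t.get("config", {}).get("addr", "")
        flags = []
        if t.get("proto") == "http":
            flags.append("plaintext-http")       # public URL without TLS
        if not is_loopback(upstream_host(addr)):
            flags.append("non-local-upstream")   # exposes another host on your network
        report.append((t.get("public_url"), addr, flags))
    return report

if __name__ == "__main__":
    try:
        data = json.load(urllib.request.urlopen(API, timeout=2))
    except OSError:
        data = SAMPLE  # no agent running: fall back to the constructed sample
    for row in audit_tunnels(data):
        print(*row)
```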
Conclusion
This tool is fantastic when you just want to share your local project with somebody. It is also quite useful for CTF players as they don't need to have a server of their own when they want to host their exploit.
Don't be dumb on the internet
Top comments (1)
This tool is amazing especially when you work remotely and I use it when I want to be sure that the responsivity😂 works