Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Subdomain Takeover through ngrok #85

Open
Quikko opened this issue Mar 29, 2019 · 1 comment
Labels

Comments

@Quikko
Copy link

@Quikko Quikko commented Mar 29, 2019

Service name

Ngrok allows you to expose a web server running on your local machine to the internet. Just tell ngrok what port your web server is listening on.

Proof

Visiting the subdomain from your browser will show a HTML page, like shown below:

proof

Perform a dig or host command, you will see a CNAME record pointing to [CUSTOM].ngrok.io.

To perform the takeover:

  1. Make an account on https://ngrok.com/
  2. Link a credit card to your account and pay for the $5/month. Otherwise, you are not allowed to make use of Custom subdomains. Important to note: You will get a refund within 15 days.
  3. Follow the steps on https://dashboard.ngrok.com/get-started to link the binary to your account.
  4. Run the following command: ./ngrok http 80 -subdomain quikke. Note, quikke needs to be replaced with the value before .ngrok.io
    5.Visit the subdomain again:

takeover2

The error message is basically saying that I do not have a HTTP service running on port 80 on my local machine.

Documentation

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.