A complete, detailed tutorial on building an ngrok intranet penetration server (with pictures as proof)

If the ones found on the Internet are unstable, it is better to build one yourself. I asked Du Niang and found a bunch of tutorials. Well, let's get started.

Preparations (in fact, these are hard requirements):

  1. One server

  2. One filed domain name. (Many people say you can do without filing; I don't know whether that is true. Mine is already filed.)

Tools:

  1. Remote connection tool: Xshell or PuTTY. (Anything that can connect will do; choose according to personal habit.)

  2. Download tool: WinSCP (this is my favorite). Of course, you can also use the command line.

Install:

1. Install git

yum -y install zlib-devel openssl-devel perl hg cpio expat-devel gettext-devel curl curl-devel perl-ExtUtils-MakeMaker hg wget gcc gcc-c++

This command is what Du Niang told me. If it doesn't work, find a tutorial on installing git. It was OK for me after executing this.

Since ngrok is developed in Go, install Go first (the Go language is something completely different, but that doesn't matter; just install it)

2. Install go

I think downloading Go on the server is too slow, so I decided to download it locally and upload it to the server.

Download address: https://studygolang.com/dl (I think this is pretty good)

Download the Linux version and look carefully at the bitness (32-bit or 64-bit); these details must be paid attention to.

After downloading, upload it to /usr/local/ on the server with WinSCP

Decompress the archive in /usr/local/.

You can then see the go directory under that directory

At this point a soft link needs to be made (I don't know why this is done; can some expert guide me?)

# The go command needs a soft link in /usr/bin
ln -s /usr/local/go/bin/* /usr/bin/

After doing this, finally set the global environment variables

export GOROOT=/usr/local/go
export GOPATH=$HOME/go
export PATH=$PATH:$GOROOT/bin

Make the environment variables take effect.

Okay, now our Go installation is complete. Check whether the installation was successful: if the corresponding output appears, the installation was successful.

3. Install ngrok

To make it easy to find, it is also installed under the local directory

cd /usr/local/

# ngrok download address
git clone https://github.com/inconshreveable/ngrok.git

This address can be cloned with git, or downloaded and then uploaded, or forked into your own project

After the download is complete, you can see an ngrok folder

Configure ngrok environment variables

export GOPATH=/usr/local/ngrok/

# Write your own domain name here, without a prefix; for example, for www.abc.club fill in abc.club (the domain name has been filed)
export NGROK_DOMAIN="abc.club"

4. Generate the ngrok certificate and overwrite the original certificate

cd /usr/local/ngrok
openssl genrsa -out rootCA.key 2048
openssl req -x509 -new -nodes -key rootCA.key -subj "/CN=$NGROK_DOMAIN" -days 5000 -out rootCA.pem
openssl genrsa -out server.key 2048
openssl req -new -key server.key -subj "/CN=$NGROK_DOMAIN" -out server.csr
openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 5000

The above commands are copied; don't mind that, they generate the certificate

Overwrite the certificate. Type the following commands one at a time; each one will ask you to confirm by pressing y.

cp rootCA.pem assets/client/tls/ngrokroot.crt
cp server.crt assets/server/tls/snakeoil.crt
cp server.key assets/server/tls/snakeoil.key

This is the end of the installation configuration

Generate the server

Enter the ngrok directory

Run the server build. Here amd64 represents a 64-bit Linux system; for a 32-bit system, change it to GOARCH=386

After the build succeeds, there will be an ngrokd folder under the bin of ngrok, which means success

Generate the client

Same as the server

GOOS=windows GOARCH=amd64 make release-client

There will be a windows_amd64 folder under the bin of ngrok, which means success

To generate clients for other systems, replace the values of GOOS and GOARCH as follows

#Linux platform 32-bit system: GOOS=linux GOARCH=386 
#Linux platform 64-bit system: GOOS=linux GOARCH=amd64 
#Windows platform 32-bit system: GOOS=windows GOARCH=386 
#Windows platform 64-bit system: GOOS=windows GOARCH=amd64
#MAC platform 32-bit system: GOOS=darwin GOARCH=386 
#MAC platform 64-bit system: GOOS=darwin GOARCH=amd64 
#ARM platform: GOOS=linux GOARCH=arm

Server start

Execute in the ngrok directory

./bin/ngrokd -tlsKey=server.key -tlsCrt=server.crt -domain="abc.club" -httpAddr=":80" -httpsAddr=":443" -tunnelAddr=":4443"

Parameter description:
# -domain: the domain used to access ngrok; this is the service address set when generating the certificate
# -httpAddr: http protocol port, defaults to 80
# -httpsAddr: https protocol port, defaults to 443
# -tunnelAddr: tunnel port, defaults to 4443

Be sure to note that -domain is the domain name, and it must be the same domain name as the environment variable you defined earlier. Don't get it wrong.

A successful start shows:

You can see it listening on port 80, port 443 and port 4443; once the listener output that appears every 30 seconds shows up, the start was successful

Second-level domain name mapping settings

This is simple but important; set it as follows

I have not yet studied using wildcard DNS resolution of the first-level domain for third-level names. You can follow the resolution settings above.

Client startup

Use WinSCP to pull the generated windows_amd64 folder down to the local machine

There is only one ngrok.exe program inside

Create a new ngrok.cfg file in the same directory. The file name can be customized, but make sure to use the same name when executing

ngrok.cfg contents

server_addr: "abc.club:4443"  
trust_host_root_certs: false

In server_addr: "abc.club:4443", abc.club is the domain name you set yourself, and 4443 is the listening port used when the server starts. Keep it the same as on the server (if you have not changed it, do not change it)
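The tutorial repeats that the certificate domain, the ngrokd -domain value and the client's server_addr must all agree, and that the port must match -tunnelAddr. The following check is an added example, not part of the original tutorial; check_ngrok_consistency is a hypothetical helper name, and it assumes the file contents shown on this page (the start file can be any script containing the ngrokd command).

```shell
#!/usr/bin/env bash
# Added example, not from the original tutorial.
# check_ngrok_consistency CFG CRT START_FILE
#   CFG        client ngrok.cfg
#   CRT        server.crt generated for the server
#   START_FILE any file containing the ngrokd start command (e.g. the init script)
# Prints each mismatch and returns the number of mismatches (0 = consistent).
check_ngrok_consistency() {
    local cfg=$1 crt=$2 start=$3 fails=0
    local addr host port line domain tunnel cn

    # Client side: server_addr: "host:port"
    addr=$(sed -n 's/^server_addr:[[:space:]]*"\{0,1\}\([^"[:space:]]*\).*/\1/p' "$cfg")
    host=${addr%:*}
    port=${addr##*:}

    # Server side: first non-comment line that runs ngrokd
    line=$(grep -v '^[[:space:]]*#' "$start" | grep 'ngrokd' | head -n 1)
    domain=$(printf '%s\n' "$line" | sed -n 's/.*-domain="\{0,1\}\([^" ]*\).*/\1/p')
    tunnel=$(printf '%s\n' "$line" | sed -n 's/.*-tunnelAddr="\{0,1\}[^:" ]*:\([0-9]*\).*/\1/p')
    tunnel=${tunnel:-4443}   # the page gives 4443 as the default tunnel port

    # Certificate: subject CN (output format differs between OpenSSL versions)
    cn=$(openssl x509 -in "$crt" -noout -subject 2>/dev/null |
         sed -n 's/.*CN *= *\([^,/]*\).*/\1/p')

    if [ -z "$domain" ] || [ "$host" != "$domain" ]; then
        echo "MISMATCH: server_addr host '$host' vs -domain '$domain'"; fails=$((fails + 1))
    fi
    if [ "$port" != "$tunnel" ]; then
        echo "MISMATCH: server_addr port '$port' vs -tunnelAddr port '$tunnel'"; fails=$((fails + 1))
    fi
    if [ "$cn" != "$domain" ]; then
        echo "MISMATCH: certificate CN '$cn' vs -domain '$domain'"; fails=$((fails + 1))
    fi
    # With a self-built CA the client must use its embedded ngrokroot.crt.
    if ! grep -Eq '^trust_host_root_certs:[[:space:]]*false' "$cfg"; then
        echo "MISMATCH: trust_host_root_certs is not false"; fails=$((fails + 1))
    fi
    return "$fails"
}

# Run directly as: ./check.sh ngrok.cfg server.crt /etc/rc.d/init.d/ngrok
if [ "$#" -eq 3 ]; then check_ngrok_consistency "$1" "$2" "$3"; fi
```

Comment lines in the start file are skipped, so the "### setsid ..." description lines in the init script do not confuse the check.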

The client has two startup methods:

1. Open cmd in the windows_amd64 root directory

Execute the following command directly

ngrok -config=./ngrok.cfg -subdomain=test 8080

# Parameter description
# ngrok.cfg: the newly created file
# -subdomain=test: test is the prefix of the penetrated domain name
# 8080: the port the penetrated domain name maps to

Start up

This indicates success; the assigned domain name can now be accessed.

2. Write a .bat script

Content of boom.bat

@echo off
color 0a
title boom Ngrok Launcher
mode con cols=109 lines=30
:START
set /p clientid= Please enter the prefix:
echo.
set /p port= Please enter the port:
echo.
ngrok -config=ngrok.cfg -subdomain %clientid% %port%
pause
rem Go back to the prompt so another tunnel can be started
goto START

It is simple; you can also add some decoration according to personal preference

Access the assigned domain name

Graphical interface

After the project starts, visit 127.0.0.1:4040 or localhost:4040

Set ngrok as a system service and start it automatically at boot

Edit

vim /etc/rc.d/init.d/ngrok

Contents of the ngrok file

#!/bin/bash

#chkconfig: -

#description:ngrok

case "$1" in
    start)
        echo "start ngrok service.."
        cd /usr/local/ngrok/
        setsid ./bin/ngrokd -tlsKey=server.key -tlsCrt=server.crt -domain="abc.club" -httpAddr=":80" -httpsAddr=":443" -tunnelAddr=":4443"
        ;;
    *)
        exit 1
        ;;
esac

### Parameter description:
### cd /usr/local/ngrok/: enter the ngrok directory
### setsid: without it, closing the window stops the service; with it added, it currently works well
### setsid ./bin/ngrokd -tlsKey=server.key -tlsCrt=server.crt -domain="abc.club" -httpAddr=":80" -httpsAddr=":443" -tunnelAddr=":4443": the command that starts the ngrok server

Give this file execute permission

chmod 755 ngrok

Register it as a system service

chkconfig --add ngrok

Then check whether it was added successfully

chkconfig

Start up

service ngrok start

If the 30s monitoring output that appeared earlier when typing the command directly shows up, it was added successfully

Set to start automatically

After adding it as a system service, the status of ngrok is all off, so it needs to be set to start automatically at boot.

systemctl enable ngrok.service   # Add to boot
systemctl daemon-reload          # Reload the configuration file

Restart the server, then start the client directly to test

Precautions

The server starts successfully but the client cannot connect:

This is because the firewall ports (443, 4443, 8080 and so on) are not open.

If it still cannot connect after the ports are opened, and even turning the firewall off does not help, you need to go to the cloud server and set the inbound rules of the security group:

Once that is set, it works. It can be built without too many problems; it was a smooth journey.

Writing the text and making the screenshots was not easy; read and cherish

If you have any questions, please point them out, thank you
