Have you had a look at ToR’s documentation? I personally think your answer lies in the design of ToR itself, but this may or may not help you. I also feel like there is a piece missing here… or is that just me?
I don’t know the internals of ngrok enough to know if this is a good idea.
But anyways, I tried a bit around with it and got it a working connection through torify ./ngrok http 80 I would assume connecting through tcp would work as well?
I’m a bit confused by that.
Next I read a bit through the docs of ngrok and figured out they actually have a configuration option for SOCKS5 Proxies so I set that to socks5_proxy: "socks5://localhost:9050" which is tors default port for that.
I then tried to connect with ./ngrok http -config=./ngrok.yml 80 (again I only tested http) and checked with Wireshark and nyx if it’s actually connecting through tor which appears to be true (well it’s sending something through tor but that might just be a keep alive and not the actual connection).
Edit:
Just tested it ./ngrok http 80 on my Whonix Box as well and it works as well.
Tails redirects all trafic through tor as well doesn’t it? if yes you should be able to run the command without torify.
I’m very sorry if this doesn’t actually work for tcp and I can also not guarantee that this doesn’t leak your real ip either. I’m not too good with this stuff 
3 Likes
@Leeky Good to here this 
,
Can you tell me the setting of your (Tails) you used (i.e : Vm or on live usb, ngrok was on persistent volume, … etc )
I tried what you tried in my VM and no success. This makes me think again that it is something related to permissions and VM or something like this.
@BlackSteelCannon oh I didn’t try this on Tails, I just assumed that it would run there as well.
I used a Whonix VirtualBox VM installation for my second try that routed all traffic through tor.
The initial test that with torify and the ngrok configuration was done on a plain Ubuntu VM.
Finally I reached something important and got it to work
First I don’t know how it worked and thus I may have miss-understand for if really Tails flows all traffic through tor or not.
The solution was in the previous quote, I put :
./ngrok tcp -config=./ngrok.yml 8920
8920 is example of port number and “ngrok.yml” is a config file contains account token from ngrok and ( The important part) the argument @Leeky mentioned, socks proxy option in ngrok ( not tails )
This way, everything worked well and ngrok finally connected.
This confuses me a bit, why torify didn’t do the job ? I have no answer
3 Likes
There is another problem I preferred to put it in a separate reply.
My server was listening to port 4000, and Ngrok directs anything coming to its server at port number x to my local machine at port 4000 ( That’s how I understand it )
Now, I was testing in my main os (windows) and tails VM. when no server, client catches a connection ! and go crazy although no server to listen to it !
am I missing something ?
When tried between server and client running on the main OS, the problem took place to, except that server accepts connection when run first…
I put this in a separate reply as I think this is not related to Tails
What application are you ngrok’ing? If it’s a web application, then use ngrok http <port number>. If it is not a web application use tcp, ngrok tcp <port number>.
1 Like
For sure I am doing this, my reverse shell is TCP and use tcp with ngrok.
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.