This has been a week that TikTok—the Chinese viral video giant that has soared under lockdown—will want to put quickly behind it. The ByteDance-owned platform was under fire anyway, over allegations of data mishandling and censorship, but then a beta version of Apple’s iOS 14 caught the app secretly accessing users’ clipboards and a backlash immediately followed.



Whether India had always planned to announce its ban on TikTok, along with 58 other Chinese apps, on June 29, or was prompted by the viral response to the iOS security issue is not known. But, as things stand, TikTok has been pulled from the App Store and Play Store in India, its largest market, and has seen similar protests from users in other major markets around the world, including the U.S.Anonymous Hackers Directly Target TikTok: ‘Delete This Chinese Spyware Now’

One of the more unusual groups campaigning against TikTok is the newly awakened Anonymous hactivist group. As ever with Anonymous, it’s difficult to attribute anything to the non-existent central core of this loosely affiliated hacker collective, but one of the better followed Twitter accounts ostensibly linked to the group has been mounting a fierce campaign against TikTok for several weeks, one that has now gained prominence given the events of the last few days.



“Delete TikTok now,” the account tweeted today, July 1, “if you know someone that is using it, explain to them that it is essentially malware operated by the Chinese government running a massive spying operation.”

Delete TikTok now; if you know someone that is using it explain to them it is essentially malware operated by the Chinese government running a massive spying operation. https://t.co/J7N9FS7PvG

— Anonymous (@YourAnonCentral) July 1, 2020

The account linked to a story that has been doing the rounds in recent days, following a Reddit post from an engineer who claimed to have “reverse engineered” TikTok to find a litany of security and privacy abuses. There has been no confirmation yet as to the veracity of these allegations, and TikTok did not provide any comment on the claims when I approached them.




The original issue that prompted Anonymous to target TikTok appears to be the “misrepresentation” of Anonymous on TikTok itself, with the setting up of an account. “Anonymous has no TikTok account,” the same Twitter account tweeted on June 6, “that is an App created as spyware by the Chinese government.”



Those affiliated with Anonymous take exception to copycat accounts, which is complicated by the lack of any central function. In the aftermath of the Minneapolis Police story, someone affiliated with the group took exception to a Twitter account that was monetising the brand, telling me: “We do not appreciate false flag impersonations. There will be consequences.”



See also

• Digital strike on 59 Chinese apps including TikTok, UC Browser, India banned

This has now become an interesting collision of two completely different viral stories in their own right. Anonymous hit the headlines a month ago, when the “group” seemed to mount a comeback in the wake of the killing of George Floyd. A video posted on Facebook threatened to “expose the many crimes” of the Minneapolis Police unless the officers responsible were held to account.



There have been various stories since then, with reports of DDoS attacks on police service websites, the hacking of data and even the compromise of radio systems. But, as ever, with Anonymous, it is always critical to remember that you are seeing that loose affiliation of like-minded individuals, with Anonymous used as a rallying cry and an umbrella for claims and counter-claims. Attribution, as such, is not possible.



This also puts TikTok in the somewhat unique position of having united various governments, including the U.S., and Anonymous behind the same cause.


For TikTok, whether there is any hacking risk following these social media posts we will have to wait and see. Again, you have to remember the way this works. A rallying call has gone out to like-minded hacking communities worldwide. A target has been named and shamed. It would not be a surprise if claims of hacks or DDoS website attacks followed. That’s the patten now.



So, why does this matter? Well, it’s one thing for the U.S. government or even the Indian government to warn hundreds of millions of users about the dangers of TikTok, but various celebrities and influencers have also been swayed by the latest claims and have publicly expressed their concerns. Anonymous is a viral movement that is targeting some of the same user base that has driven TikTok’s growth. It is campaigning against TikTok, and that campaign will drive its own viral message.



And while until now that user base has remained steadfastly resilient to any of those warnings, sticking with the video sharing app in droves, you can start to get the feeling now that come of this might stick. It’s subtle, and it’s always risky to judge the world by the twitter-sphere, but there’s a change now in the wind.



Credit : Forbes

Disclaimer for Hacking Truth

If you require any more information or have any questions about our site's disclaimer, please feel free to contact us by email at kumaratuljaiswal222@gmail.com

 

Disclaimers for Hacking Truth

All the information on this website - https://www.kumaratuljaiswal.in/ - is published in good faith and for general information purpose only. Hacking Truth does not make any warranties about the completeness, reliability and accuracy of this information. Any action you take upon the information you find on this website (Hacking Truth), is strictly at your own risk. Hacking Truth will not be liable for any losses and/or damages in connection with the use of our website.


From our website, you can visit other websites by following hyperlinks to such external sites. While we strive to provide only quality links to useful and ethical websites, we have no control over the content and nature of these sites. These links to other websites do not imply a recommendation for all the content found on these sites. Site owners and content may change without notice and may occur before we have the opportunity to remove a link which may have gone 'bad'.
Please be also aware that when you leave our website, other sites may have different privacy policies and terms which are beyond our control. Please be sure to check the Privacy Policies of these sites as well as their "Terms of Service" before engaging in any business or uploading any information.

 

Consent

By using our website, you hereby consent to our disclaimer and agree to its terms.

Update

Should we update, amend or make any changes to this document, those changes will be prominently posted here.




I hope you liked this post, then you should not forget to share this post at all.
Thank you so much :-)

Complete list of Chinese apps banned by Indian government: TikTok ,, India has banned 59 Chinese apps including UC browser. Let us know that the government has banned these Chinese apps under the IT Act 2000.



A big decision has been taken amidst the deadlock on the border with China. 59 Chinese apps have been banned in India. Among the apps that have been banned are TicketLock, UC Browser, Share It etc. Apart from these, Hello, Like, Cam Scanner, Sheen Kwai have also been banned. Baidu Map, KY, DU Battery Scanner has also been banned. Let us know that the government has banned these Chinese apps under the IT Act 2000. Digital strike on 59 Chinese apps including TikTok, UC Browser, India banned



Earlier, Indian security agencies had prepared a list of Chinese apps and appealed to the central government to ban them or people should be asked to immediately remove them from their mobiles. The reasoning behind this was that China could hack Indian data.



At the same time, 20 soldiers of India were martyred in the recent violent clash with the Chinese army in the Galvan Valley of Ladakh. Since then, there was anger among the people of India about all the apps including China and its products. Prime Minister Narendra Modi also appealed to the people to become a self-reliant India.



However, the decision to ban these 59 apps from China has been taken at a time when the third round of core commander level meeting between the two countries is going to be held in Ladakh. The special thing is that this meeting is being held on the call of India this time. Earlier, both the meetings were held at the invitation of China.





FULL LIST OF CHINESE APPS BANNED BY GOVT:
1. TikTok
2. Shareit
3. Kwai
4. UC Browser
5. Baidu map
6. Shein
7. Clash of Kings
8. DU battery saver
9. Helo
10. Likee
11. YouCam makeup
12. Mi Community
13. CM Browers
14. Virus Cleaner
15. APUS Browser
16. ROMWE
17. Club Factory
18. Newsdog
19. Beutry Plus
20. WeChat
21. UC News
22. QQ Mail
23. Weibo
24. Xender
25. QQ Music
26. QQ Newsfeed
27. Bigo Live
28. SelfieCity
29. Mail Master
30. Parallel Space 31. Mi Video Call – Xiaomi
32. WeSync
33. ES File Explorer
34. Viva Video – QU Video Inc
35. Meitu
36. Vigo Video
37. New Video Status
38. DU Recorder
39. Vault- Hide
40. Cache Cleaner DU App studio
41. DU Cleaner
42. DU Browser
43. Hago Play With New Friends
44. Cam Scanner
45. Clean Master – Cheetah Mobile
46. Wonder Camera
47. Photo Wonder
48. QQ Player
49. We Meet
50. Sweet Selfie
51. Baidu Translate
52. Vmate
53. QQ International
54. QQ Security Center
55. QQ Launcher
56. U Video
57. V fly Status Video
58. Mobile Legends
59. DU Privacy




I hope you liked this post, then you should not forget to share this post at all.
Thank you so much :-)

35 lakh rupees waiting for you even a little knowledge of hacking is there

If you too have a fondness for hacking, you know about coding, then 35 lakh rupees are waiting for you. Sony, the leading electronic company, has announced the bug bounty program for the gaming console PlayStation. Under this program, gamers or any common man may be entitled to this award by removing bugs in the PlayStation 4 and PlayStation Network. Earlier, Sony's PlayStation bug bounty program used to be private, but this year for the first time the company has announced to make it public. hacker101




Announcing this bug bounty program, Sony wrote in its blog, 'It is a fundamental part of our product security that gives a great experience to our community. To strengthen the security, we attach great importance to the research community. We are excited to announce the new bug bounty program. hackerone



The company has partnered with HackerOne for this and under this program, work is going on to find flaws in PS4 system, operating system, accessories and PlayStation network. It must be mentioned here that PS3 and PS2 are not part of this program. Bug Bounty Program








Sony has divided the prize money of Bug Bounty into four parts, which include Critical, High Severity, Medium Severity and Low Severity. For finding Critical Bugs in PlayStation 4, you will get 50,000 dollars i.e. about 38 lakh rupees, while searching for High, Medium and Low Severity bugs will get 10,000 dollars i.e. about 7.5 lakh rupees, 2,500 dollars i.e. two lakh rupees and 500 dollars i.e. about 38,000 rupees respectively. Bug crowd





Talking about the PlayStation Network (PSN), if you find a critical bug in it, then you will get 3,000 dollars i.e. about 2.5 lakh rupees, while on searching for high, medium and low severity bugs, 1,000 dollars i.e. about 75,500 rupees, 400 dollars i.e. 30,000 rupees respectively. 100 dollars i.e. about 7,500 rupees.



I hope you liked this post, then you should not forget to share this post at all.
Thank you so much :-)

Background Concept About Cross Site Scripting ( XSS ) With Examples

Now we are going to talk about XSS cross site scripting. XSS Vulnerabilities are among the most wide spread wab application vulnerabilities on the internet. 


Cross-site-scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicous code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur antwhere a web application uses input from a user within the output  it generates without validating or encoding it. Background concept about cross site scripting with examples



An attacker can use XSS to send a malicious script to an unsuspecting user. The end user's browsers has no way to kmow that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens or, other sensitive information retined by the browser and used with that site. cross site scripting with examples



It's refer to client side injection attack where an attacker can execute malicious scripts into a legitimate website or web application.  By leavrging a cross site scipting, an attacker doesn't target the victim directly instead an attacker would exploit a vulnerability within a web applications or websites that the victim would visit essentially using the vulnerable website as a vehicle the deliver the malcious script to the victim's browser. basicallly we will use a website to deliver our payloads to the victime, when victim visit into that they paylaod are will executed and the payload will to our job, payload can be malicious, payload can be simple whatever. xss examples

Let's talk about impact of XSS

1) Cookie theft
2) Keylogging
3) Phishing
4) URL Redirection



cross site scripting can be used to a part of URL redirection. Cookies stealing, Keylogging, Phishing etc.


so, in order to run our javascript malicious script in a victim's browser, an attacker must first find a way to inject a payload into web page. That's the victim visit. 


for exploitation, attacker can used social engineering way such as email, click jacking to manipulate user for executation to our payload.

Let's talk about the Types of XSS...

Mainly cross site scriptings are parts of three types :-


1) Reflected XSS
2) Stored XSS
3) DOM-based XSS




Reflected XSS or  Stored XSS 

It's a most common types of Cross site scripting, attacker payload script has to be part of the request which is send to the website an reflect back in such as a way that the HTTP response includes that the payload.

so, basically reflected cross site scripting are required client site interaction, if user will visit that the vulnerable web page and server will deliver our paylaod to the users browse here, then user stored this but server want any payload,we will deliver our paylaod to the client browser and if client visiting that then there's a client side attacks. sql injection cheatsheet




DOM Based XSS :-

it's a advance type of cross site scripting attack, which be made possibly when the web application client site scripting writes user provides a data into a document objects model. The Most dangerous parts of this attack is client side attacks. how to prevent from sql injection


In the attacker's payload is never sent to the server, this makes it will more to detect web application firewall and security engineers.


so basically let's take example of Reflected, stored and DOM through practially,




This is a website testphp.vulnweb.com


So we will type something in the search box like Hello or HackingTruth.in and hit go button...









so it's a reflected but not stored, it's not storing..
so there may be reflected cross site scripting.



Now. let's click on the signup option and you can try withlogin based application and if i will give a any text like kumaratuljaiswal.in

DOM XSS

if i will give any parameter like hello

paramter=hello


<script></script>


and just executing to the user's context, nor the server side to the sever application, then there may be DOM based...

Example this

prompt.mI/O


this is not sending to the server there are executing to the our context, if i will give anypayload there and it will execute then this is called DOM based scripting. cross site scripting how to prevent


see this








so just only executing on the user's script, nor the server side  nor to the client side.

How to Hunt for XSS ?

• Find a Input parameter, Give any input there and not senitizer then If your input reflect or stored any where there may be XSS.

• Try to execute any javascript code there, if you succeed to execute any javascript then there is a XSS

• Exploitation of XSS.

you'll find a input parameter then give input there , if your input reflect or stored anywhere there may be cross site scripting. cross site scripting example



XSS Cheatsheet Here :- Click Here 



I hope its clear to about The Background concept of cross site scripting :-)

Disclaimer

This was written for educational purpose and pentest only.
The author will not be responsible for any damage ..!
The author of this tool is not responsible for any misuse of the information.
You will not misuse the information to gain unauthorized access.
This information shall only be used to expand knowledge and not for causing  malicious or damaging attacks. Performing any hacks without written permission is illegal ..!


All video’s and tutorials are for informational and educational purposes only. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. We believe that it is impossible to defend yourself from hackers without knowing how hacking is done. The tutorials and videos provided on www.hackingtruth.in is only for those who are interested to learn about Ethical Hacking, Security, Penetration Testing and malware analysis. Hacking tutorials is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used.


All tutorials and videos have been made using our own routers, servers, websites and other resources, they do not contain any illegal activity. We do not promote, encourage, support or excite any illegal activity or hacking without written permission in general. We want to raise security awareness and inform our readers on how to prevent themselves from being a victim of hackers. If you plan to use the information for illegal purposes, please leave this website now. We cannot be held responsible for any misuse of the given information.

Video Tutorial :-  SooN

 

I hope you liked this post, then you should not forget to share this post at all.
Thank you so much :-)

How Google Chrome will prevent websites from spying on you

As part of its effort to maintain user-privacy, Google Chrome is building a feature that could ultimately keep websites from spying on you.

The capability, which has been spotted in the developer build of the browser, will keep websites from accessing sensor data of your phone/computer.

For those unaware, this information can be used by websites/advertisers for tracking your movements and more. How Google Chrome will prevent websites from spying on you

Tracking using motion sensor

A few years back, a study revealed that potential attackers can use websites to fetch the motion sensor (accelerometer and gyroscope) data from a visitor's device.

The research claimed that the information mined by websites (via different APIs) could be used to determine your movements, including data like if you are moving, standing still, or traveling by car or train.





Information


Then, this information can be used to build user profiles

The movement information from the sensors can then be combined with web activity to build unique profiles of the visitors and track, surveil and monetize them. MSPoweruser claims that sensor information could even be used to recognize your unique walking gait.

Chrome is already working on a preventive method

Since many users want to protect themselves from being tracked by websites, Google Chrome is testing an option to allow or block censors for websites in the Canary.

These features will be available to both Android and desktop users, giving them the option to choose whether websites should know the speed and light sensors, and if the website starts getting information about things like light sensors in Chrome. There may be danger messages

And while you will be reading this post, this feature will be available in Chrome.

View this post on Instagram

A post shared by Kumar Atul Jaiswal ™ (@h4cking_truth.in_) on Jun 21, 2020 at 9:07pm PDT

And you should not forget to check this post, this is also part of motion in censor motion or light and do not forget to follow

How this feature would work

The feature, enabled by default, can be accessed from the 'Content' section in browser settings.

Meaning, whenever you open a page accessing sensors, the browser will generate an omnibox pop-up, similar to the one that opens for GPS or mic permissions, notifying about the access.

It will have two options: either allow sensor access for the page or block it permanently for that page.



Information


Per-site control only for desktop users

As of now, sensor access for individual websites can only be controlled on the desktop version of Chrome Canary. Android users, as HackingTruth.in(Kumaratuljaiswal) screenshots indicated, will get a single toggle to control access for all websites at once.

When this feature will be available

According to Chromium developers' message board, the feature has been targeted for Chrome 75.

As of now, the browser is on version 73, which means it might be a few months before it debuts in a stable release.

Also, in addition to this feature, Google has also been testing a dark mode for Chrome which would also recolor web pages.

Disable Motion Sensors

Load chrome://settings/content/sensors in the Chrome address bar(Computer/Smartphone).

Doing so opens the Sensor permissions in the browser.

Toggle "Allow sites to use motion and light sensors" to enable or disable Sensors globally.

Disclaimer

 

This was written for educational purpose and pentest only.
The author will not be responsible for any damage ..!
The author of this tool is not responsible for any misuse of the information.
You will not misuse the information to gain unauthorized access.
This information shall only be used to expand knowledge and not for causing  malicious or damaging attacks. Performing any hacks without written permission is illegal ..!


All video’s and tutorials are for informational and educational purposes only. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. We believe that it is impossible to defend yourself from hackers without knowing how hacking is done. The tutorials and videos provided on www.hackingtruth.in is only for those who are interested to learn about Ethical Hacking, Security, Penetration Testing and malware analysis. Hacking tutorials is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used.


All tutorials and videos have been made using our own routers, servers, websites and other resources, they do not contain any illegal activity. We do not promote, encourage, support or excite any illegal activity or hacking without written permission in general. We want to raise security awareness and inform our readers on how to prevent themselves from being a victim of hackers. If you plan to use the information for illegal purposes, please leave this website now. We cannot be held responsible for any misuse of the given information.







            
    


I hope you liked this post, then you should not forget to share this post at all.
Thank you so much :-)

What is Port Forwarding |  use of ngrok |  Access localhost website from outside network

In computer networking, port forwarding or port mapping is an application of network address translation (NAT) that redirects a communication request from one address and port number combination to another while the packets are traversing a network gateway, such as a router or firewall. This technique is most commonly used to make services on a host residing on a protected or masqueraded (internal) network available to hosts on the opposite side of the gateway (external network), by remapping the destination IP address and port number of the communication to an internal host.



Port forwarding allows remote computers (for example, computers on the Internet) to connect to a specific computer or service within a private local-area network (LAN).[3]


In a typical residential network, nodes obtain Internet access through a DSL or cable modem connected to a router or network address translator (NAT/NAPT). Hosts on the private network are connected to an Ethernet switch or communicate via a wireless LAN. The NAT device's external interface is configured with a public IP address. The computers behind the router, on the other hand, are invisible to hosts on the Internet as they each communicate only with a private IP address. What is Port Forwarding ? use of ngrok ? Access localhost website from outside network


When configuring port forwarding, the network administrator sets aside one port number on the gateway for the exclusive use of communicating with a service in the private network, located on a specific host. External hosts must know this port number and the address of the gateway to communicate with the network-internal service. Often, the port numbers of well-known Internet services, such as port number 80 for web services (HTTP), are used in port forwarding, so that common Internet services may be implemented on hosts within private networks.





Typical applications include the following:

•     Running a public HTTP server within a private LAN
•     Permitting Secure Shell access to a host on the private LAN from the         Internet
•     Permitting FTP access to a host on a private LAN from the Internet
•     Running a publicly available game server within a private LAN

Administrators configure port forwarding in the gateway's operating system. In Linux kernels, this is achieved by packet filter rules in the iptables or netfilter kernel components. BSD and macOS operating systems prior to Yosemite (OS 10.10.X) implement it in the Ipfirewall (ipfw) module while macOS operating systems beginning with Yosemite implement it in the Packet Filter (pf) module.





When used on gateway devices, a port forward may be implemented with a single rule to translate the destination address and port. (On Linux kernels, this is DNAT rule). The source address and port are, in this case, left unchanged. When used on machines that are not the default gateway of the network, the source address must be changed to be the address of the translating machine, or packets will bypass the translator and the connection will fail.



When a port forward is implemented by a proxy process (such as on application layer firewalls, SOCKS based firewalls, or via TCP circuit proxies), then no packets are actually translated, only data is proxied. This usually results in the source address (and port number) being changed to that of the proxy machine.



Usually only one of the private hosts can use a specific forwarded port at one time, but configuration is sometimes possible to differentiate access by the originating host's source address.



Unix-like operating systems sometimes use port forwarding where port numbers smaller than 1024 can only be created by software running as the root user. Running with superuser privileges (in order to bind the port) may be a security risk to the host, therefore port forwarding is used to redirect a low-numbered port to another high-numbered port, so that application software may execute as a common operating system user with reduced privileges.


The Universal Plug and Play protocol (UPnP) provides a feature to automatically install instances of port forwarding in residential Internet gateways. UPnP defines the Internet Gateway Device Protocol (IGD) which is a network service by which an Internet gateway advertises its presence on a private network via the Simple Service Discovery Protocol (SSDP). An application that provides an Internet-based service may discover such gateways and use the UPnP IGD protocol to reserve a port number on the gateway and cause the gateway to forward packets to its listening socket.

Types of port forwarding

Port forwarding can be divided into the following specific types: local, remote, and dynamic port forwarding.

Local port forwarding

Local port forwarding is the most common type of port forwarding. It is used to let a user connect from the local computer to another server, i.e. forward data securely from another client application running on the same computer as a Secure Shell (SSH) client. By using local port forwarding, firewalls that block certain web pages are able to be bypassed.

Remote port forwarding

This form of port forwarding enables applications on the server side of a Secure Shell (SSH) connection to access services residing on the SSH's client side.[8] In addition to SSH, there are proprietary tunnelling schemes that utilize remote port forwarding for the same general purpose.[9] In other words, remote port forwarding lets users connect from the server side of a tunnel, SSH or another, to a remote network service located at the tunnel's client side.


To use remote port forwarding, the address of the destination server (on the tunnel's client side) and two port numbers must be known. The port numbers chosen depend on which application is to be used.


Remote port forwarding allows other computers to access applications hosted on remote servers. Two examples:


An employee of a company hosts an FTP server at their own home and wants to give access to the FTP service to employees using computers in the workplace. In order to do this, an employee can set up remote port forwarding through SSH on the company's internal computers by including their FTP server’s address and using the correct port numbers for FTP (standard FTP port is TCP/21).


Opening remote desktop sessions is a common use of remote port forwarding. Through SSH, this can be accomplished by opening the virtual network computing port (5900) and including the destination computer’s address.
   

Dynamic port forwarding

Dynamic port forwarding (DPF) is an on-demand method of traversing a firewall or NAT through the use of firewall pinholes. The goal is to enable clients to connect securely to a trusted server that acts as an intermediary for the purpose of sending/receiving data to one or many destination servers.[11]


DPF can be implemented by setting up a local application, such as SSH, as a SOCKS proxy server, which can be used to process data transmissions through the network or over the Internet. Programs, such as web browsers, must be configured individually to direct traffic through the proxy, which acts as a secure tunnel to another server. Once the proxy is no longer needed, the programs must be reconfigured to their original settings. Because of the manual requirements of DPF, it is not often used.



Once the connection is established, DPF can be used to provide additional security for a user connected to an untrusted network. Since data must pass through the secure tunnel to another server before being forwarded to its original destination, the user is protected from packet sniffing that may occur on the LAN.



DPF is a powerful tool with many uses; for example, a user connected to the Internet through a coffee shop, hotel, or otherwise minimally secure network may wish to use DPF as a way of protecting data. DPF can also be used to bypass firewalls that restrict access to outside websites, such as in corporate networks.

How to use Ngrok for Access outside Network ?

1) first we need a localhost server such as hosting provider or need a web address to access the outside network ( For eg Ngrok )


ngrok.com













Spend more time programming. One command for an instant, secure URL to your localhost server through any NAT or firewall.




2) Signup or login to ngrok and go to with download option for downloading a ngrok server ( application )


https://ngrok.com/download




3) First, download the ngrok client, a single binary with zero run-time dependencies. you can downloa for MAC OS X, Windows, Mac (32bit), Windows (32-bit), Linux (ARM), Linux (ARM64), Linux (32-bit), FreeBSD (64-Bit), FreeBSD (32-bit)...  


4)  On Linux or OSX you can unzip ngrok from a terminal with the following command. On Windows, just double click ngrok.zip.


  $ unzip /path/to/ngrok.zip 


Most people like to keep ngrok in their primary user folder or set an alias for easy command-line access.







5)  Try it out by running it from the command line:


  ./ngrok help 




6) To start a HTTP tunnel on port 80, run this next:


  ./ngrok http 80  











OR


  ngrok http -subdomain=baz 8080 


OR



  ngrok http foo.dev:80   




OR


  ngrok http https://localhost 


OR


  ngrok tcp 22 

How To Access website from Outside Network ?

Type the following command and press enter :-


1)   serivce apache2 start 


otherwise i have already download and install external apache server ( XAMPP Server )









For chech a service status , it's a start or not  


  service apache2 start 



then we have ready to access our localhost website via inside and outside network  ( internet )



Now, we have to copy a ngrok's link


https://ab5ac26e3592.ngrok.io








Then access






Through Mobile

Disclaimer

 

This was written for educational purpose and pentest only.
The author will not be responsible for any damage ..!
The author of this tool is not responsible for any misuse of the information.
You will not misuse the information to gain unauthorized access.
This information shall only be used to expand knowledge and not for causing  malicious or damaging attacks. Performing any hacks without written permission is illegal ..!


All video’s and tutorials are for informational and educational purposes only. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. We believe that it is impossible to defend yourself from hackers without knowing how hacking is done. The tutorials and videos provided on www.hackingtruth.in is only for those who are interested to learn about Ethical Hacking, Security, Penetration Testing and malware analysis. Hacking tutorials is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used.


All tutorials and videos have been made using our own routers, servers, websites and other resources, they do not contain any illegal activity. We do not promote, encourage, support or excite any illegal activity or hacking without written permission in general. We want to raise security awareness and inform our readers on how to prevent themselves from being a victim of hackers. If you plan to use the information for illegal purposes, please leave this website now. We cannot be held responsible for any misuse of the given information.







            
    


I hope you liked this post, then you should not forget to share this post at all.
Thank you so much :-)

Calculate First and Last Usable IP on The Subnetwork