{"id":15120,"date":"2026-03-24T11:11:14","date_gmt":"2026-03-24T08:11:14","guid":{"rendered":"https:\/\/www.inetmar.com\/blog\/?p=15120"},"modified":"2026-03-24T12:50:12","modified_gmt":"2026-03-24T09:50:12","slug":"ngrok-nedir-ngrokun-riskleri","status":"publish","type":"post","link":"https:\/\/www.inetmar.com\/blog\/ngrok-nedir-ngrokun-riskleri\/","title":{"rendered":"Ngrok Nedir? Ngrok\u2019un Riskleri"},"content":{"rendered":"

Ngrok modern yaz\u0131l\u0131m geli\u015ftirme d\u00fcnyas\u0131nda isvi\u00e7re \u00e7ak\u0131s\u0131 olarak tabir edilen, yerel a\u011fdaki bir sunucuyu saniyeler i\u00e7inde d\u0131\u015f d\u00fcnyaya a\u00e7maya yarayan g\u00fc\u00e7l\u00fc bir t\u00fcnelleme arac\u0131d\u0131r. Ancak sundu\u011fu bu muazzam kolayl\u0131k, beraberinde ciddi siber g\u00fcvenlik risklerini de getirmektedir.<\/p>\n

Ngrok Ne Demek?<\/h2>\n

Ngrok<\/strong> localhost yani yerel makinenizde \u00e7al\u0131\u015fan bir servisi, g\u00fcvenli bir t\u00fcnel \u00fczerinden internete a\u00e7an bir “reverse proxy” hizmetidir. Normal \u015fartlarda yerel bir web sitesini internete a\u00e7mak i\u00e7in modemden port y\u00f6nlendirme yapmak, statik IP edinmek veya bir sunucuya deploy etmek gerekir. Ngrok, t\u00fcm bu karma\u015f\u0131k s\u00fcre\u00e7leri tek bir komutla devre d\u0131\u015f\u0131 b\u0131rak\u0131r.<\/p>\n

Nas\u0131l \u00c7al\u0131\u015f\u0131r?<\/h3>\n

Sisteminizde bir Ngrok istemcisi \u00e7al\u0131\u015ft\u0131rd\u0131\u011f\u0131n\u0131zda, bu istemci Ngrok bulut sunucu<\/a> servislerine bir ba\u011flant\u0131 kurar. Ngrok size xyz.ngrok-free.app<\/code> gibi genel bir URL atar. Bu URL’ye gelen t\u00fcm istekler, Ngrok sunucular\u0131 \u00fczerinden t\u00fcnellenerek do\u011frudan sizin bilgisayar\u0131n\u0131zdaki yerel porta iletilir.<\/p>\n

Temel Kullan\u0131m Alanlar\u0131<\/h3>\n
    \n
  • Webhook Testleri:<\/strong> GitHub, Stripe veya Slack gibi platformlardan gelen Webhook bildirimlerini anl\u0131k olarak yerel bilgisayar\u0131n\u0131zda test etmek.<\/li>\n
  • Demo Sunumlar\u0131:<\/strong> Haz\u0131rlad\u0131\u011f\u0131n\u0131z bir projeyi sunucuya y\u00fcklemeden, m\u00fc\u015fteriye veya ekip arkada\u015f\u0131n\u0131za bir link \u00fczerinden h\u0131zl\u0131ca g\u00f6stermek.<\/li>\n
  • Mobil Uygulama Geli\u015ftirme:<\/strong> Telefonunuzdaki uygulaman\u0131n, bilgisayar\u0131n\u0131zdaki backend servisiyle konu\u015fmas\u0131n\u0131 sa\u011flamak.<\/li>\n<\/ul>\n

    \"Ngrok\"<\/p>\n

    Ngrok Riskleri<\/h2>\n

    Ngrok ne kadar pratikse, yanl\u0131\u015f ellerde veya dikkatsiz yap\u0131land\u0131rmalarda o kadar tehlikeli olabilir. \u0130\u015fte dikkat edilmesi gereken kritik g\u00fcvenlik a\u00e7\u0131klar\u0131:<\/p>\n

    Yetkisiz Eri\u015fim ve Veri S\u0131z\u0131nt\u0131s\u0131<\/h3>\n

    Ngrok ile bir t\u00fcnel a\u00e7t\u0131\u011f\u0131n\u0131zda, varsay\u0131lan olarak bu URL d\u00fcnya \u00fczerindeki herkese a\u00e7\u0131kt\u0131r. E\u011fer yerel servisinizde g\u00fc\u00e7l\u00fc bir kimlik do\u011frulama mekanizmas\u0131 yoksa, URL’yi bir \u015fekilde ele ge\u00e7iren (brute force veya s\u0131z\u0131nt\u0131 yoluyla) herhangi bir sald\u0131rgan, do\u011frudan bilgisayar\u0131n\u0131zdaki dosyalara veya veritaban\u0131na eri\u015febilir.<\/p>\n

    Shadow IT Tehlikesi<\/h3>\n

    Kurumsal \u015firketlerde \u00e7al\u0131\u015fanlar\u0131n, BT departman\u0131n\u0131n haberi olmadan Ngrok kullanmas\u0131 ciddi bir risk te\u015fkil eder. \u015eirketin g\u00fcvenlik duvarlar\u0131 d\u0131\u015far\u0131dan gelen ba\u011flant\u0131lar\u0131 engellemek i\u00e7in tasarlanm\u0131\u015ft\u0131r; ancak Ngrok ba\u011flant\u0131y\u0131 i\u00e7eriden d\u0131\u015far\u0131ya do\u011fru ba\u015flatt\u0131\u011f\u0131 i\u00e7in bu duvarlar\u0131 “bypass” eder. Bu durum, kurumsal a\u011fda kontrols\u00fcz bir arka kap\u0131 yani backdoor a\u00e7\u0131lmas\u0131 demektir.<\/p>\n

    Zararl\u0131 Yaz\u0131l\u0131m ve Phishing Arac\u0131 Olarak Kullan\u0131m\u0131<\/h3>\n

    Siber sald\u0131rganlar, phishing sayfalar\u0131n\u0131 bar\u0131nd\u0131rmak i\u00e7in s\u0131k s\u0131k Ngrok kullan\u0131r. Ngrok\u2019un sa\u011flad\u0131\u011f\u0131 URL’ler “ngrok-free.app” gibi g\u00fcvenilir g\u00f6r\u00fcnen bir ana alan ad\u0131na sahip oldu\u011fu i\u00e7in, e-posta filtrelerini ve kullan\u0131c\u0131lar\u0131n \u015f\u00fcphelerini daha kolay a\u015fabilirler. Ayr\u0131ca komuta kontrol (C2) merkezleri i\u00e7in gizli t\u00fcneller olu\u015fturmak amac\u0131yla da tercih edilmektedir.<\/p>\n

    Trafi\u011fin \u0130zlenmesi<\/h3>\n

    T\u00fcnellenen t\u00fcm trafik Ngrok\u2019un kendi sunucular\u0131 \u00fczerinden ge\u00e7er. Her ne kadar u\u00e7tan uca \u015fifreleme se\u00e7enekleri olsa da, \u00fccretsiz veya yanl\u0131\u015f yap\u0131land\u0131r\u0131lm\u0131\u015f planlarda trafi\u011fin metadata bazl\u0131 analizi veya (teorik olarak) araya girilmesi m\u00fcmk\u00fcnd\u00fcr. Hassas verilerle \u00e7al\u0131\u015f\u0131rken bu bir risk fakt\u00f6r\u00fcd\u00fcr.<\/p>\n

    G\u00fcvenli Bir \u015eekilde Ngrok Nas\u0131l Kullan\u0131l\u0131r?<\/h2>\n

    Ngrok kullan\u0131rken riskleri minimize etmek i\u00e7in \u015fu ad\u0131mlar\u0131 mutlaka uygulay\u0131n:<\/p>\n

      \n
    1. Auth Token Kullan\u0131n:<\/strong> Her zaman hesab\u0131n\u0131za \u00f6zel authtoken<\/code> ile kimlik do\u011frulamas\u0131 yap\u0131n.<\/li>\n
    2. Kimlik Do\u011frulamas\u0131 Ekleyin:<\/strong> Ngrok\u2019un sundu\u011fu --auth=\"kullan\u0131c\u0131:\u015fifre\"<\/code> parametresini kullanarak t\u00fcnelinize bir giri\u015f katman\u0131 ekleyin veya Google\/GitHub ile OAuth yap\u0131land\u0131rmas\u0131n\u0131 aktif edin.<\/li>\n
    3. IP K\u0131s\u0131tlamas\u0131 (Whitelist):<\/strong> Sadece belirli IP adreslerinin t\u00fcnelinize eri\u015fmesine izin verin (\u00dccretli planlarda mevcuttur).<\/li>\n
    4. \u0130\u015finiz Bitince Kapat\u0131n:<\/strong> Test i\u015fleminiz biter bitmez t\u00fcneli aktif olarak sonland\u0131r\u0131n; a\u00e7\u0131k b\u0131rak\u0131lan her t\u00fcnel, unutulmu\u015f bir a\u00e7\u0131k kap\u0131d\u0131r.<\/li>\n<\/ol>\n

      \u00d6zetlemek gerekirse Ngrok geli\u015ftirici verimlili\u011fini art\u0131ran harika bir ara\u00e7 olsa da, a\u011f g\u00fcvenli\u011fi konusunda bilin\u00e7li kullan\u0131lmal\u0131d\u0131r. \u00d6zellikle kurumsal ortamlarda “g\u00fcvenlik duvar\u0131n\u0131 a\u015fma” yetene\u011fi, onu potansiyel bir tehdit haline getirir. Kural basit<\/strong> eri\u015fimi k\u0131s\u0131tlay\u0131n, trafi\u011fi izleyin ve asla t\u00fcnelleri ba\u015f\u0131bo\u015f b\u0131rakmay\u0131n.<\/p>\n","protected":false},"excerpt":{"rendered":"

      Ngrok modern yaz\u0131l\u0131m geli\u015ftirme d\u00fcnyas\u0131nda isvi\u00e7re \u00e7ak\u0131s\u0131 olarak tabir edilen, yerel a\u011fdaki bir sunucuyu saniyeler i\u00e7inde d\u0131\u015f d\u00fcnyaya a\u00e7maya yarayan g\u00fc\u00e7l\u00fc bir t\u00fcnelleme arac\u0131d\u0131r. Ancak sundu\u011fu bu muazzam kolayl\u0131k, beraberinde ciddi siber g\u00fcvenlik risklerini de...<\/p>\n","protected":false},"author":2,"featured_media":15145,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[52],"tags":[],"class_list":["post-15120","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-guvenlik"],"_links":{"self":[{"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/posts\/15120","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/comments?post=15120"}],"version-history":[{"count":7,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/posts\/15120\/revisions"}],"predecessor-version":[{"id":15152,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/posts\/15120\/revisions\/15152"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/media\/15145"}],"wp:attachment":[{"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/media?parent=15120"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/categories?post=15120"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/tags?post=15120"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}