mirror of
https://github.com/HackTricks-wiki/hacktricks-cloud.git
synced 2026-04-28 12:03:08 -07:00
Update az-front-door.md
@@ -10,8 +10,6 @@ To bypass this rule automated tools can be used that **brute-force IP addresses*
This is mentioned in the [Microsoft documentation](https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-configure-ip-restriction).
---
## Credential Skimming via WAF Custom Rules + Log Analytics
Abuse Azure Front Door (AFD) WAF Custom Rules in combination with Log Analytics to capture cleartext credentials (or other secrets) traversing the WAF. This is not a CVE; it’s misuse of legitimate features by anyone who can modify the WAF policy and read its logs.
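Review bot: the opening paragraph of the new section (the "Abuse Azure Front Door (AFD) WAF Custom Rules..." line) never says why a WAF rule can see credentials at all; the only hint is the "trusted TLS termination point" phrase in the Impact bullet further down the page. State the precondition here, for example "AFD terminates TLS, so custom-rule match conditions evaluate the decrypted request body and the matched values are written to the WAF log (the details_matches_s field named in the second hunk)", so a reader knows what the technique relies on before the walkthrough. The same paragraph says "anyone who can modify the WAF policy and read its logs"; spell out the permission level meant (write on the WAF policy resource, read on the Log Analytics workspace) in this sentence rather than only in the prerequisites list.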
@@ -80,9 +78,6 @@ The matched values appear in details_matches_s and include the cleartext values
- An existing Azure Front Door instance.
- Permissions to edit the AFD WAF policy and read the associated Log Analytics workspace.
### Impact
- High risk: An operator with WAF/Log access can silently harvest secrets at the trusted TLS termination point.
## References
- [https://trustedsec.com/blog/azures-front-door-waf-wtf-ip-restriction-bypass](https://trustedsec.com/blog/azures-front-door-waf-wtf-ip-restriction-bypass)
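Review bot: the References list at the end of this hunk still contains only the TrustedSec IP-restriction-bypass post, which backs the earlier section of the page; the Credential Skimming section this commit adds cites nothing, so add its source (the write-up or documentation for the details_matches_s field mentioned in the hunk header, or a note that it is original research). The Impact bullet states the risk ("silently harvest secrets") but the section ends there; a one-line mitigation, restricting who can write the WAF policy and alerting on modifications of it, would make the section actionable, and the prerequisites bullet "Permissions to edit the AFD WAF policy" should name which role or permission that is.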