gitea-mirror/hacktricks-cloud
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks-cloud.git synced 2026-01-03 08:17:32 -08:00
Code Issues Packages Projects Releases Wiki Activity

Migrate to using mdbook

Browse Source
This commit is contained in:
Congon4tor
2024-12-31 17:04:35 +01:00
parent b9a9fed802
commit cd27cf5a2e
1373 changed files with 26143 additions and 34152 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
src/pentesting-cloud/azure-security/az-services/az-application-proxy.md Normal file
View File

@@ -0,0 +1,40 @@
# Az - Application Proxy
{{#include ../../../banners/hacktricks-training.md}}
## Basic Information
[From the docs:](https://learn.microsoft.com/en-us/entra/identity/app-proxy/application-proxy)
Azure Active Directory's Application Proxy provides **secure remote access to on-premises web applications**. After a **single sign-on to Azure AD**, users can access both **cloud** and **on-premises applications** through an **external URL** or an internal application portal.
It works like this:
<figure><img src="../../../images/image (186).png" alt=""><figcaption></figcaption></figure>
1. After the user has accessed the application through an endpoint, the user is directed to the **Azure AD sign-in page**.
2. After a **successful sign-in**, Azure AD sends a **token** to the user's client device.
3. The client sends the token to the **Application Proxy service**, which retrieves the user principal name (UPN) and security principal name (SPN) from the token. **Application Proxy then sends the request to the Application Proxy connector**.
4. If you have configured single sign-on, the connector performs any **additional authentication** required on behalf of the user.
5. The connector sends the request to the **on-premises application**.
6. The **response** is sent through the connector and Application Proxy service **to the user**.
## Enumeration
```powershell
# Enumerate applications with application proxy configured
Get-AzureADApplication | %{try{Get-AzureADApplicationProxyApplication -ObjectId $_.ObjectID;$_.DisplayName;$_.ObjectID}catch{}}
# Get applications service principal
Get-AzureADServicePrincipal -All $true | ?{$_.DisplayName -eq "Name"}
# Use the following ps1 script from https://learn.microsoft.com/en-us/azure/active-directory/app-proxy/scripts/powershell-display-users-group-of-app
# to find users and groups assigned to the application. Pass the ObjectID of the Service Principal to it
Get-ApplicationProxyAssignedUsersAndGroups -ObjectId <object-id>
```
## References
- [https://learn.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy](https://learn.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy)
{{#include ../../../banners/hacktricks-training.md}}