3.6 KiB
AWS - CloudFront Post Exploitation
{% hint style="success" %}
Learn & practice AWS Hacking:
HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: 
HackTricks Training GCP Red Team Expert (GRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
CloudFront
For more information check:
{% content-ref url="../aws-services/aws-cloudfront-enum.md" %} aws-cloudfront-enum.md {% endcontent-ref %}
Man-in-the-Middle
This blog post proposes a couple of different scenarios where a Lambda could be added (or modified if it's already being used) into a communication through CloudFront with the purpose of stealing user information (like the session cookie) and modifying the response (injecting a malicious JS script).
scenario 1: MitM where CloudFront is configured to access some HTML of a bucket
- Create the malicious function.
- Associate it with the CloudFront distribution.
- Set the event type to "Viewer Response".
Accessing the response you could steal the users cookie and inject a malicious JS.
scenario 2: MitM where CloudFront is already using a lambda function
- Modify the code of the lambda function to steal sensitive information
You can check the tf code to recreate this scenarios here.
{% hint style="success" %}
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.