Links

AWS - CloudFront Post Exploitation

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!
Other ways to support HackTricks:

CloudFront

For more information check:

Man-in-the-Middle

This blog post proposes a couple of different scenarios where a Lambda could be added (or modified if it's already being used) into a communication through CloudFront with the purpose of stealing user information (like the session cookie) and modifying the response (injecting a malicious JS script).

scenario 1: MitM where CloudFront is configured to access some HTML of a bucket

  • Create the malicious function.
  • Associate it with the CloudFront distribution.
  • Set the event type to "Viewer Response".
Accessing the response you could steal the users cookie and inject a malicious JS.

scenario 2: MitM where CloudFront is already using a lambda function

  • Modify the code of the lambda function to steal sensitive information
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!
Other ways to support HackTricks: