AWS - CloudFront Post Exploitation

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

CloudFront

For more information check:

AWS - CloudFront Enum

Man-in-the-Middle

This blog post proposes a couple of different scenarios where a Lambda could be added (or modified if it's already being used) into a communication through CloudFront with the purpose of stealing user information (like the session cookie) and modifying the response (injecting a malicious JS script).

scenario 1: MitM where CloudFront is configured to access some HTML of a bucket

Create the malicious function.
Associate it with the CloudFront distribution.
Set the event type to "Viewer Response".

Accessing the response you could steal the users cookie and inject a malicious JS.

scenario 2: MitM where CloudFront is already using a lambda function

Modify the code of the lambda function to steal sensitive information

You can check the tf code to recreate this scenarios here.

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

PreviousAWS - API Gateway Post Exploitation NextAWS - CodeBuild Post Exploitation

Last updated 8 days ago