Links

Az - Logic Apps

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!
Other ways to support HackTricks:

Basic Information

Azure Logic Apps is a cloud-based service provided by Microsoft Azure that enables developers to create and run workflows that integrate various services, data sources, and applications. These workflows are designed to automate business processes, orchestrate tasks, and perform data integrations across different platforms.
Logic Apps provides a visual designer to create workflows with a wide range of pre-built connectors, which makes it easy to connect to and interact with various services, such as Office 365, Dynamics CRM, Salesforce, and many others. You can also create custom connectors for your specific needs.

Examples

  • Automating Data Pipelines: Logic Apps can automate data transfer and transformation processes in combination with Azure Data Factory. This is useful for creating scalable and reliable data pipelines that move and transform data between various data stores, like Azure SQL Database and Azure Blob Storage, aiding in analytics and business intelligence operations.
  • Integrating with Azure Functions: Logic Apps can work alongside Azure Functions to develop sophisticated, event-driven applications that scale as needed and integrate seamlessly with other Azure services. An example use case is using a Logic App to trigger an Azure Function in response to certain events, such as changes in an Azure Storage account, allowing for dynamic data processing.

Visualize a LogicAPP

It's possible to view a LogicApp with graphics:
or to check the code in the "Logic app code view" section.

SSRF Protection

Even if you find the Logic App vulnerable to SSRF, you won't be able to access the credentials from the metadata as Logic Apps doesn't allow that.
For example, something like this won't return the token:
# The URL belongs to a Logic App vulenrable to SSRF
curl -XPOST 'https://prod-44.westus.logic.azure.com:443/workflows/2d8de4be6e974123adf0b98159966644/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=_8_oqqsCXc0u2c7hNjtSZmT0uM4Xi3hktw6Uze0O34s' -d '{"url": "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/"}' -H "Content-type: application/json" -v

Enumeration

az cli
Az PowerSHell
# List
az logic workflow list --resource-group <ResourceGroupName> --subscription <SubscriptionID> --output table
# Get info
az logic workflow show --name <LogicAppName> --resource-group <ResourceGroupName> --subscription <SubscriptionID>
# Get Logic App config
az logic workflow definition show --name <LogicAppName> --resource-group <ResourceGroupName> --subscription <SubscriptionID>
# Get service ppal used
az logic workflow identity show --name <LogicAppName> --resource-group <ResourceGroupName> --subscription <SubscriptionID>
# List
Get-AzLogicApp -ResourceGroupName <ResourceGroupName>
# Get info
Get-AzLogicApp -ResourceGroupName <ResourceGroupName> -Name <LogicAppName>
# Get Logic App config
(Get-AzLogicApp -ResourceGroupName <ResourceGroupName> -Name <LogicAppName>).Definition | ConvertTo-Json
# Get service ppal used
(Get-AzLogicApp -ResourceGroupName <ResourceGroupName> -Name <LogicAppName>).Identity
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!
Other ways to support HackTricks: