Az - Service Bus
Azure Service Bus is a cloud-based messaging service designed to enable reliable communication between different parts of an application or separate applications. It acts as a secure middleman, ensuring messages are safely delivered, even if the sender and receiver aren’t operating simultaneously. By decoupling systems, it allows applications to work independently while still exchanging data or instructions. It’s particularly useful for scenarios requiring load balancing across multiple workers, reliable message delivery, or complex coordination, such as processing tasks in order or securely managing access.
Queues: Store messages until the receiver is ready.
Messages are ordered, timestamped, and durably stored.
Delivered in pull mode (on-demand retrieval).
Supports point-to-point communication.
Topics: Publish-subscribe messaging for broadcasting.
Multiple independent subscriptions receive copies of messages.
Subscriptions can have rules/filters to control delivery or add metadata.
Supports many-to-many communication.
Namespaces: A container for all messaging components (queues and topics). A namespace is like your own slice of a powerful Azure cluster, providing dedicated capacity and optionally spanning three availability zones.
Some advanced features are:
Message Sessions: Ensures FIFO processing and supports request-response patterns.
Auto-Forwarding: Transfers messages between queues or topics in the same namespace.
Dead-Lettering: Captures undeliverable messages for review.
Scheduled Delivery: Delays message processing for future tasks.
Message Deferral: Postpones message retrieval until ready.
Transactions: Groups operations into atomic execution.
Filters & Actions: Applies rules to filter or annotate messages.
Auto-Delete on Idle: Deletes queues after inactivity (min: 5 minutes).
Duplicate Detection: Removes duplicate messages during resends.
Batch Deletion: Bulk deletes expired or unnecessary messages.
SAS Policies define the access permissions for Azure Service Bus entities: the namespace (the most important one), queues, and topics. Each policy has the following components:
Permissions: Checkboxes to specify access levels:
Manage: Grants full control over the entity, including configuration and permissions management.
Send: Allows sending messages to the entity.
Listen: Allows receiving messages from the entity.
Primary and Secondary Keys: These are cryptographic keys used to generate secure tokens for authenticating access.
Primary and Secondary Connection Strings: Pre-configured connection strings that include the endpoint and key for easy use in applications.
SAS Policy ARM ID: The Azure Resource Manager (ARM) path to the policy for programmatic identification.
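To review how SAS policies are scoped, the following added example (not part of the original page) classifies each policy by its ARM ID (namespace, queue or topic) and by its Manage/Send/Listen rights, listing the most exposed policies first. The sample rules are constructed, the `id`/`name`/`rights` field layout is assumed to match an exported list of authorization rules, and the severity labels are this example's own convention.

```python
import json
import re

# Constructed sample, shaped like ARM authorization-rule resources (id, name, rights).
# Subscription, resource group, namespace and rule names are placeholders.
BASE = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
        "/providers/Microsoft.ServiceBus/namespaces/ns-demo")
SAMPLE_RULES = json.dumps([
    {"id": BASE + "/authorizationRules/RootManageSharedAccessKey",
     "name": "RootManageSharedAccessKey", "rights": ["Listen", "Manage", "Send"]},
    {"id": BASE + "/queues/orders/authorizationRules/worker-listen",
     "name": "worker-listen", "rights": ["Listen"]},
    {"id": BASE + "/topics/events/authorizationRules/publisher",
     "name": "publisher", "rights": ["Send", "Listen"]},
    {"id": BASE + "/authorizationRules/app-send",
     "name": "app-send", "rights": ["Send"]},
])

# The ARM ID shows whether a policy sits on the namespace or on one queue/topic.
ARM_ID = re.compile(
    r"/namespaces/(?P<ns>[^/]+)(?:/(?P<kind>queues|topics)/(?P<entity>[^/]+))?"
    r"/authorizationRules/(?P<rule>[^/]+)$", re.IGNORECASE)

def classify(rule):
    """Return (scope, severity, reason) for one SAS policy."""
    m = ARM_ID.search(rule["id"])
    if not m:
        raise ValueError("not an authorization rule ARM ID: " + rule["id"])
    scope = "namespace" if m.group("kind") is None else m.group("kind").lower()[:-1]
    rights = {r.lower() for r in rule["rights"]}
    if "manage" in rights:
        sev = "high" if scope == "namespace" else "medium"
        return scope, sev, "Manage grants configuration and permission control"
    if scope == "namespace":
        return scope, "medium", "key is valid for every queue and topic in the namespace"
    if {"send", "listen"} <= rights:
        return scope, "low", "one key can both send and receive; split per role"
    return scope, "ok", "single right on a single entity"

def audit(rules_json):
    """Classify every rule and sort the most exposed policies first."""
    order = {"high": 0, "medium": 1, "low": 2, "ok": 3}
    rows = [(r["name"],) + classify(r) for r in json.loads(rules_json)]
    return sorted(rows, key=lambda row: order[row[2]])

if __name__ == "__main__":
    for name, scope, sev, reason in audit(SAMPLE_RULES):
        print(f"{sev:6} {scope:9} {name:28} {reason}")
```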
sku, authorization rule,
https://learn.microsoft.com/en-us/powershell/module/az.servicebus/?view=azps-13.0.0
https://learn.microsoft.com/en-us/azure/service-bus-messaging/service-bus-messaging-overview
https://learn.microsoft.com/en-us/azure/service-bus-messaging/service-bus-quickstart-cli