Friday, August 21, 2020

CloudFrunt - A Tool For Identifying Misconfigured CloudFront Domains


CloudFrunt is a tool for identifying misconfigured CloudFront domains.

Background
CloudFront is a Content Delivery Network (CDN) provided by Amazon Web Services (AWS). CloudFront users create "distributions" that serve content from specific sources (an S3 bucket, for example).
Each CloudFront distribution has a unique endpoint for users to point their DNS records to (e.g. d111111abcdef8.cloudfront.net). All of the domains using a specific distribution need to be listed in the "Alternate Domain Names (CNAMEs)" field in the options for that distribution.
When a CloudFront endpoint receives a request, it does NOT automatically serve content from the corresponding distribution. Instead, CloudFront uses the HOST header of the request to determine which distribution to use. This means two things:

  1. If the HOST header does not match an entry in the "Alternate Domain Names (CNAMEs)" field of the intended distribution, the request will fail.
  2. Any other distribution that contains the specific domain in the HOST header will receive the request and respond to it normally.
This is what allows the domains to be hijacked. There are many cases where a CloudFront user fails to list all the necessary domains that might be received in the HOST header. For example:
  • The domain "test.disloops.com" is a CNAME record that points to "disloops.com".
  • The "disloops.com" domain is set up to use a CloudFront distribution.
  • Because "test.disloops.com" was not added to the "Alternate Domain Names (CNAMEs)" field for the distribution, requests to "test.disloops.com" will fail.
  • Another user can create a CloudFront distribution and add "test.disloops.com" to the "Alternate Domain Names (CNAMEs)" field to hijack the domain.
This means that the unique endpoint that CloudFront binds to a single distribution is effectively meaningless. A request to one specific CloudFront subdomain is not limited to the distribution it is associated with.
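The owner-side check this implies, as an added example that is not part of CloudFrunt: walk the zone's CNAME records, keep the names whose chain ends at a *.cloudfront.net endpoint, and flag any that no distribution lists under "Alternate Domain Names (CNAMEs)". The inputs are constructed; the distribution data only mimics the shape of boto3's cloudfront list_distributions() response for the fields read here, and the distribution Id is a placeholder.

```python
CLOUDFRONT_SUFFIX = ".cloudfront.net"

# Constructed zone data as (name, type, target), mirroring the
# disloops.com example above plus one record unrelated to CloudFront.
DNS_RECORDS = [
    ("disloops.com", "CNAME", "d111111abcdef8.cloudfront.net"),
    ("cdn.disloops.com", "CNAME", "d111111abcdef8.cloudfront.net"),
    ("test.disloops.com", "CNAME", "disloops.com"),
    ("mail.disloops.com", "CNAME", "mail.example.net"),
]

# Constructed stand-in for boto3 cloudfront.list_distributions(),
# trimmed to the fields this check reads. The Id is a placeholder.
DISTRIBUTIONS = {"DistributionList": {"Items": [{
    "Id": "EXAMPLE_DISTRIBUTION_ID",
    "DomainName": "d111111abcdef8.cloudfront.net",
    "Aliases": {"Quantity": 2, "Items": ["disloops.com", "cdn.disloops.com"]},
}]}}


def resolve_cname_chain(name, records, max_depth=10):
    """Follow CNAMEs within the zone; stop at a loop, the depth limit or a non-CNAME."""
    targets = {n.lower(): t.lower() for n, rtype, t in records if rtype == "CNAME"}
    chain = [name.lower()]
    while chain[-1] in targets and len(chain) <= max_depth:
        nxt = targets[chain[-1]]
        if nxt in chain:  # CNAME loop: stop rather than spin
            break
        chain.append(nxt)
    return chain


def listed_aliases(distributions):
    """Every Alternate Domain Name (CNAME) across all distributions, lowercased."""
    aliases = set()
    for dist in distributions["DistributionList"].get("Items", []):
        aliases.update(a.lower() for a in dist["Aliases"].get("Items", []))
    return aliases


def find_unlisted_hosts(records, distributions):
    """Names whose CNAME chain ends at CloudFront but that no distribution lists."""
    aliases = listed_aliases(distributions)
    findings = []
    for name, rtype, _ in records:
        if rtype != "CNAME":
            continue
        endpoint = resolve_cname_chain(name, records)[-1]
        if endpoint.endswith(CLOUDFRONT_SUFFIX) and name.lower() not in aliases:
            findings.append((name.lower(), endpoint))
    return findings
```

Each name this returns is one that currently fails at CloudFront and should either be added to the distribution's alias list or have its CNAME removed.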

Installation
$ pip install boto3
$ pip install netaddr
$ pip install dnspython
$ git clone https://github.com/disloops/cloudfrunt.git
$ cd cloudfrunt
$ git clone https://github.com/darkoperator/dnsrecon.git
CloudFrunt expects the dnsrecon script to be cloned into a subdirectory called dnsrecon.

Usage
cloudfrunt.py [-h] [-l TARGET_FILE] [-d DOMAINS] [-o ORIGIN] [-i ORIGIN_ID] [-s] [-N]

-h, --help Show this message and exit
-s, --save Save the results to results.txt
-N, --no-dns Do not use dnsrecon to expand scope
-l, --target-file TARGET_FILE File containing a list of domains (one per line)
-d, --domains DOMAINS Comma-separated list of domains to scan
-o, --origin ORIGIN Add vulnerable domains to new distributions with this origin
-i, --origin-id ORIGIN_ID The origin ID to use with new distributions

Example
$ python cloudfrunt.py -o cloudfrunt.com.s3-website-us-east-1.amazonaws.com -i S3-cloudfrunt -l list.txt

CloudFrunt v1.0.3

[+] Enumerating DNS entries for google.com
[-] No issues found for google.com

[+] Enumerating DNS entries for disloops.com
[+] Found CloudFront domain --> cdn.disloops.com
[+] Found CloudFront domain --> test.disloops.com
[-] Potentially misconfigured CloudFront domains:
[#] --> test.disloops.com
[+] Created new CloudFront distribution EXBC12DE3F45G
[+] Added test.disloops.com to CloudFront distribution EXBC12DE3F45G


