rollwagen/Intercepting Azure CLI HTTPS traffic.md

Last active October 18, 2020 14:15

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/rollwagen/a0728d04c0d87be11e2801b46446fcd2.js"></script>
Save rollwagen/a0728d04c0d87be11e2801b46446fcd2 to your computer and use it in GitHub Desktop.

Download ZIP

Raw

Intercepting Azure CLI HTTPS traffic.md

TL;DR (to inspect azure cli traffic)

start mitmproxy
set proxy environment variable
tell the Azure CLI to not validate SSL
run az commands

mitmproxy
export HTTPS_PROXY=https://127.0.0.1:8080
export AZURE_CLI_DISABLE_CONNECTION_VERIFICATION=1
az vm list

(see mitm screenshot below)

mitmproxy

mitmproxy's generated (upon first run) certificates are placed in ~/.mitmproxy

~/.mitmproxy
├── mitmproxy-ca-cert.cer
├── mitmproxy-ca-cert.p12
├── mitmproxy-ca-cert.pem
├── mitmproxy-ca.p12
├── mitmproxy-ca.pem
└── mitmproxy-dhparam.pem

Adding Root CA in 'System' Keychain

sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/.mitmproxy/mitmproxy-ca-cert.pem

⚠️ This won't buy you anything e.g. for the Azure CLI, as it's build with Python and Python installations use their own cert store.

Decode JWT

Link to jwt.io
copy/paste value of accessToken (Authorization: Bearer in HTTP header) property to “Encoded”

Links

How Azure CLI manages access tokens

Raw

mitm_azcli.png

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment