Learn Penetration Testing And Ethical Hacking Online.


  • Facebook
  • Popular Posts

    Broadly speaking, we can say that the fronting technique consists of obfuscating the data source of a site. 
    This is something that has existed for a long time, but lately it has recovered its relevance due to the barriers that have been raised on the internet to censor, filter and prevent access to certain content, generally for political or ideological interests.
    Fronting works in the application layer and allows users to access content that has been blocked by the most common techniques: IP blocking, DNS filtering and even packet inspection, since the header of these is that of a Authorized origin, and only the actual content is revealed once the connection has been authorized and established. It should be noted that the fronting only works on HTTPS protocol. 
    There are many tutorials on the internet about how to use CDN (Content Delivery Network) in Amazon Web Services to provide content from different sources in case one of them is offline. However, we have not found explanations on how to do this when the data source does not come from a site hosted on AWS, that's why we decided to create this guide.

    In our example we will use the following names: 

    subdomain.domain.com : Our subdomain with which we will do the obfuscation 
    www.otrodominio.com/routa/al/subdominio : The origin of the data that we will show in sub.domain.com 

    The first thing that we must do is enable the fronting in the hosting of another domain.com , since in most it is disabled by default to avoid phishing. (Later we will make a guide to know if your domain is vulnerable to fronting by malicious users.) 
    I can not tell you in detail how to enable fronting in your hosting, as it is different in each one. In any case, you can always check with the provider's support team.

    Then we must go to AWS and create a CNAME for sub.domain.com . For now it does not matter where you point, since we 
    'll change it later. We go to Route53, select our zone and create a new record with "Create Record Set":

    Here we select as CNAME type, we put our subdomain as a name and as a source anything, for example, www.google.com :

    Then we go to Cloudfront and create a new distribution:

    We select the Web option and place the domain of the data source and the route, if there is one.
    We place the alternative name that we chose for the data source and select the type of certificate. In this case, we chose a public one generated by Amazon for our domain:

    We accept and while this is done, which will take about 20 minutes, we select the name of the cloudfront generated by this distribution. It is a name of type a1b2c3d4c5.cloudfront.net. 
    We copy it and go back to the CNAME that we created before and replace whatever we have put (in this example it was www.google.com ) for this new domain. 

    Finally, we connect by ssh to the AWS hosting with the method that we have configured (pem file of certificate, user and password, etc.) and, depending on the version of apache that we have installed, navigate to / etc / apache2 / and edit apache2. conf or go to / etc / apache2 / sites-available / and edit domain.com.conf (the name will be that of your domain) and add the following lines: 
    <VirtualHost *: 80> 
            ServerName subdomain.domain.com 
            ServerAlias http://subdomain.domain.com
            ProxyPass / https://www.otrodomain.com/route/al/subdomain
            ProxyPassReverse / https://www.otrodomain.com / path / to / subdomain
    </ VirtualHost> 
    <VirtualHost *: 80> 
            ServerName subdomain.domain.com 
            ServerAlias https://subdomain.domain.com
            ProxyPass / https://www.otrodominio.com/ruta/al/subdominio
            ProxyPassReverse / https://www.otrodominio.com/ruta/al/subdominio
    </ VirtualHost>
    with this we make sure that whatever you enter the user request to subdomain.domain.com, arrive by https to anotherdomain.com/path/al/subdomain . 

    Finally, once the CloudFront has finished creating the distribution (the status will change to deployed and it will no longer say in progress ), we can try the fronting by typing subdomain.domain.com/index.php or a path that is only found in www. .otherdomain.com / route / to / subdomain / , for example www.otrodomain.com/ruta/al/subdominio/otra/ruta/test.php . We put subdomain.domain.com/otra/ruta/test.php and voila!there is our content from anotherdomain.com and the URL that the browser shows us is subdomain.domain.com !