reddit hackernews mail facebook facebook linkedin


A tool for identifying misconfigured CloudFront domains.

When a CloudFront endpoint receives a request, it does NOT automatically serve content from the corresponding distribution. Instead, CloudFront uses the HOST header of the request to determine which distribution to use. This means two things:

1/ If the HOST header does not match an entry in the "Alternate Domain Names (CNAMEs)" field of the intended distribution, the request will fail.

2/ Any other distribution that contains the specific domain in the HOST header will receive the request and respond to it normally.

This is what allows the domains to be hijacked.