(Ab)using Cloudflare Argo Tunnel for fun and profit

Jul 4 · 3 min read

For those of you that might not be aware of what the Cloudflare Argo Tunnel is, here is the product description from Cloudflare website:

“ Argo Tunnel exposes applications running on your local web server, on any network with an Internet connection, without adding DNS records or configuring a firewall or router.”

Setting up a tunnel is very easy as the binaries of the agent can be downloaded and simply executed without the need for installation (On a Windows platform). It does not even require administrative privileges and a normal limited user can also build a tunnel.

In order to build a tunnel, run the terminal command below to start a free tunnel. cloudflared will begin proxying requests to your localhost server; no additional flags needed.

$ cloudflared tunnel

The command above will proxy traffic to port 8080 by default, but you can specify a different port with the --url flag:

$ cloudflared tunnel --url localhost:7000

But here comes the interesting part!

$ cloudflared tunnel --url http://Confidential-InternalOnly-WebApp

It usually takes only a few seconds for the tunnel to be established and now an internal web application on another machine that was never supposed to be exposed is accessible over the Internet!

So what? Isn’t it supposed to act like that? Why this is the big deal here?!

There are a few problems with this behavior:

  1. Such functionality is not documented anywhere on the Cloudflare website. On the contrary, it has been stated on many occasions that the agent connects to the local web server:

One might argue that a local web server refers to local addresses, like in a context of NAT networks, where according to Cisco: “A local address is any address that appears on the inside portion of the network.” But that is not the case here as we are talking in a context of a machine and as well based on Argo documentation, local web server refers to the server that Argo agent is running on.

2. In an enterprise organization with hardened systems, where only certain destinations are allowed in the firewall, in this case, Cloudflare IPs, and even with the usage of endpoint detection and response (EDR) solutions and whitelisting certain executables as trusted binaries, from a malicious actor perspective, they have the luxury to build arbitrary persistent tunnels and access internal resources that were never supposed to be accessible over the Internet. This would most probably go unnoticed as the machine, the executable on it and target destinations are all trusted, and no need to mention that the tunnel is an encrypted TLS over HTTP2 that its stability is guaranteed by Cloudflare :)

Argo agent could also be installed as a service.

P.S: I reached Cloudflare via their bug bounty program over HackerOne as it’s the only way to report security issues to them and here is their response:

“ This implies privileged access to the victim’s machine, or direct physical to an unlocked device. The impact of this behavior does not configure a security vulnerability, hence your submission will be closed.”

Update 1: I tested ngrok client and the same thing can be achieved by using ngrok.

There is a high chance that other tools like the one mentioned above provide such functionalities, so in your future penetration tests, if you ran into a similar situation, you can also use this trick to build persistent tunnels. I can also easily imagine some malware leveraging such scenario ;)