SSL Certificate verification bug
Kevin Cernekee
cernekee at gmail.com
Thu Oct 3 00:13:14 EDT 2013
On Wed, Oct 2, 2013 at 5:44 PM, Marina Papoutsi <marina.cogsci at gmail.com> wrote:
> You suggest at the bottom of that post to "sniff" a good AnyConnect session
> and write a wrapper based on that.
> I am able to connect to vpn using anyconnect on my android phone, but not
> sure what to look for.
> If you could be more specific that would be great help.
I have updated my android-csd branch[1] to handle servers which
advertise CSD but return 404 when fetching the Linux binary. It
should be safe to assume that mobile devices aren't able to run a CSD
trojan anyway: it doesn't exist for Android yet (AFAIK) and iOS will
not execute unsigned code.
You can try this and see if it works. The attached version of
android_csd.sh was modified to run on a Linux PC with curl installed.
$ ./openconnect --csd-wrapper /tmp/android_csd.sh --os android vpn.ucl.ac.uk
POST https://vpn.ucl.ac.uk/
Attempting to connect to server 128.40.125.50:443
SSL negotiation with vpn.ucl.ac.uk
Connected to HTTPS on vpn.ucl.ac.uk
Got HTTP response: HTTP/1.0 302 Object Moved
GET https://vpn.ucl.ac.uk/
Attempting to connect to server 128.40.125.50:443
SSL negotiation with vpn.ucl.ac.uk
Connected to HTTPS on vpn.ucl.ac.uk
Got HTTP response: HTTP/1.0 302 Object Moved
GET https://vpn.ucl.ac.uk/+webvpn+/index.html
SSL negotiation with vpn.ucl.ac.uk
Connected to HTTPS on vpn.ucl.ac.uk
GET https://vpn.ucl.ac.uk/+CSCOE+/sdesktop/wait.html
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
<?xml version="1.0" encoding="ISO-8859-1"?>
<hostscan><status>TOKEN_SUCCESS</status></hostscan>
GET https://vpn.ucl.ac.uk/+CSCOE+/sdesktop/wait.html
SSL negotiation with vpn.ucl.ac.uk
Connected to HTTPS on vpn.ucl.ac.uk
Got HTTP response: HTTP/1.1 302 Moved Temporarily
GET https://vpn.ucl.ac.uk/+webvpn+/index.html
SSL negotiation with vpn.ucl.ac.uk
Connected to HTTPS on vpn.ucl.ac.uk
Please enter your username and password.
Username:
[1] https://github.com/cernekee/openconnect/tree/android-csd
-------------- next part --------------
A non-text attachment was scrubbed...
Name: android_csd.sh
Type: application/x-sh
Size: 814 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20131002/600aac83/attachment.sh>
More information about the openconnect-devel
mailing list