CSD use and impossible to connect (Linux)

Kevin Cernekee cernekee at gmail.com
Sun Jan 4 08:16:09 PST 2015


On Sun, Jan 4, 2015 at 7:46 AM, Fromzy <fromzy at gmail.com> wrote:
> Kevin,
>
> I followed your idea and used SSLSPLIT as a mitmproxy. It works like a
> charm and copies every single session, decrypted, to a log file. Nice and
> easy.
> I have found the POST you found on your side and this very long data list
> (endpoint.xxx = "parameter") = more than 800 lines:
> There are not the headers you talked about. Perhaps in newer
> AnyConnect versions it is different, or SSLSPLIT is only recording
> common headers?
> The complete session log is here : http://pastebin.com/nGtcyeKA

Yes, that's it.  Mine was a couple hundred lines long too.  It's
mostly unused; the client sends "everything" and the server picks and
chooses what to look at.

You can start by using the CSD wrapper script to POST that entire
output from openconnect, and if that works, try cutting it in half
each time until you find that it's rejecting logins.  That will let
you narrow down the parts that are really needed.  The
endpoint.policy.location line is probably mandatory (for me that's the
only part it cared about).
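
The halving procedure described above, as an added example that is not part of the original message or of openconnect. It generalizes plain halving to a ddmin-style reduction, so it still converges when the lines the server checks sit in different halves. `accepted` is a hypothetical callback standing for "POST these lines via the CSD wrapper script, then attempt a login"; the report lines and the `"Default"` value are constructed.

```python
def minimize(lines, accepted):
    """Shrink `lines` to a subset that `accepted` still passes and from
    which no single line can be dropped (ddmin-style reduction)."""
    if not accepted(lines):
        raise ValueError("the full report is rejected; nothing to narrow down")
    if accepted([]):
        return []                      # server ignores the report entirely
    n = 2                              # number of chunks to split into
    while len(lines) >= 2:
        size = -(-len(lines) // n)     # ceiling division
        chunks = [lines[i:i + size] for i in range(0, len(lines), size)]
        reduced = False
        for i, chunk in enumerate(chunks):
            rest = [l for j, c in enumerate(chunks) if j != i for l in c]
            if accepted(chunk):        # the "cut it in half" case
                lines, n, reduced = chunk, 2, True
            elif accepted(rest):       # required lines span several chunks
                lines, n, reduced = rest, max(n - 1, 2), True
            if reduced:
                break
        if not reduced:
            if n >= len(lines):
                break                  # already at single-line granularity
            n = min(len(lines), n * 2)
    return lines


def make_oracle(required):
    """Constructed stand-in for 'POST the report, then try to log in'."""
    attempts = []                      # one entry per probe (= login attempt)

    def accepted(lines):
        attempts.append(len(lines))
        return all(r in lines for r in required)
    return accepted, attempts


# Constructed sample report; only the endpoint.policy.location key is from the thread.
LOCATION = 'endpoint.policy.location="Default";'
REPORT = [f'endpoint.constructed.item["{i}"]="x";' for i in range(200)]
REPORT.insert(137, LOCATION)

if __name__ == "__main__":
    accepted, attempts = make_oracle({LOCATION})
    print(minimize(REPORT, accepted), f"({len(attempts)} login attempts)")
```

Every call to `accepted` is one real login attempt against the gateway, so any rate limiting or account lockout there bounds how many probes are practical.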


