MITM to a Cisco client

David Woodhouse dwmw2 at infradead.org
Thu May 9 01:08:04 PDT 2024


On Wed, 2024-05-08 at 17:59 -0600, Oscar Velazquez wrote:
> 
> 
> I have a hunch: it is to change server-cert-hash, but I do not know 
> what the correct values could be or if this is a valid approach.
> Any help would be appreciated.
> 

Probably the sha1 fingerprint of the (real) server's SSL certificate.

In http://david.woodhou.se/proxy.go there's support for changing such a
hash to the hash of the cert you're using for the proxy itself.

More information about the openconnect-devel mailing list