Comments (3)
Update: I figured out what the issue was.
Changing line 77 of the script so that it uses --data-binary instead of --data-ascii fixed the problem for me.
(Well... that and manually updating the HTTP headers so that they include correct values)
When using "--data-ascii", curl removes newlines and my VPN server does not seem to like that.
Anyway, do you think this change could be merged? What is the advantage of using "--data-ascii"?
Also, in regard to the three different sets of "host-scan-ticket"+"host-scan-token", it looks like it is OK as long as the forged host scan reply and the request containing the login/password make reference to the same CSD token, which is what openconnect does.
Thanks for the detailed report! It sounds like you got into the weeds on this one. Out of curiosity, what error message were you getting when trying to authenticate with openconnect?
I can't really speak to the differences between --data-ascii and --data-binary as that was part of the original code that I found by a user named Fromzy. I'll have to test that change on another network to verify everything still works as intended.
EDIT: I just verified that changing the --data-ascii flag to --data-binary works just fine on AnyConnect 4.5. If you want to put in a PR, I'll happily merge it in so you get credit. It's interesting no one has run into this so far.
> Out of curiosity, what error message were you getting when trying to authenticate with openconnect?
It was the same "login failure" response I get when some of the fields on the forged request are missing.
For example, my VPN server expects the CSD script to report that Windows Firewall is active. If I were to change the forged packet to not include that piece of information, it would fail in the same way (i.e. "login failure").
For all of this, I would say that not including the newlines confuses the VPN server which just treats the CSD reply as an empty one.