GithubHelp home page GithubHelp logo

Comments (5)

Gilks avatar Gilks commented on July 22, 2024

Not certain why I never got a notification for this but here we are. It looks like you have some extra data sitting at the top of your certs/key. I'm not an encryption expert, so I don't know if that actually matters. Your private key also appears to have different header/footer text. This may be a byproduct of how they were generated. Anyway, here is how your cert/keys should look:

-----BEGIN CERTIFICATE-----
<redacted>
-----END CERTIFICATE-----

-----BEGIN RSA PRIVATE KEY-----
<redacted>
-----END RSA PRIVATE KEY-----

from hostscan-bypass.

tsunamaru avatar tsunamaru commented on July 22, 2024

Yeah, my first thoughts was just about that header before actual key. I removed it, but nothing changed.
The second thing I tried is convert encrypted RSA key to normal RSA:
openssl rsa -in cert.key -out cert.decrypted.key

Decrypted key looks like:

-----BEGIN RSA PRIVATE KEY-----
<redacted>
-----END RSA PRIVATE KEY-----

Still, when I run hostscan-bypass with this decrypted key, and try to connect my AnyConnect client, it starts complain about "untrustworthy gateway" and close connection immidiately.

from hostscan-bypass.

Gilks avatar Gilks commented on July 22, 2024

from hostscan-bypass.

tsunamaru avatar tsunamaru commented on July 22, 2024

AnyConnect runs inside Ubuntu 20.04 VM, and hostscan-bypass runs on host system (Gentoo Linux).
Of course, I checked out your blog post before creating issue, and that box was unchecked right from the beginning.

Here some screenshots inside Ubuntu VM: https://imgur.com/a/qFgS6qr

from hostscan-bypass.

Gilks avatar Gilks commented on July 22, 2024

It sounds like the Linux AnyConnect is not respecting your choice. There was a similar issue described in the OS X troubleshooting thread (#4). Specifically, this comment.

I won't be able to troubleshoot your specific AnyConnect issue but what I can say is that you are on the right track. Your new private key is working correctly. If you can get Linux/AnyConnect to let you connect to untrusted servers you'll be in the clear.

If you run into trouble finding the root cause then the final thing you can do is put the hostscan-bypass on a legitimate domain with a real SSL cert (letsencrypt). Since the SSL cert is real AnyConnect will trust the connection.

from hostscan-bypass.

Related Issues (17)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.