SSL Certificate verification bug

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, Oct 2, 2013 at 5:44 PM, Marina Papoutsi <marina.cogsci at gmail.com> wrote:
> You suggest at the bottom of that post to "sniff" a good AnyConnect session
> and write a wrapper based on that.
> I am able to connect to vpn using anyconnect on my android phone, but not
> sure what to look for.
> If you could be more specific that would be great help.

I have updated my android-csd branch[1] to handle servers which
advertise CSD but return 404 when fetching the Linux binary.  It
should be safe to assume that mobile devices aren't able to run a CSD
trojan anyway: it doesn't exist for Android yet (AFAIK) and iOS will
not execute unsigned code.

You can try this and see if it works.  The attached version of
android_csd.sh was modified to run on a Linux PC with curl installed.

$ ./openconnect --csd-wrapper /tmp/android_csd.sh --os android vpn.ucl.ac.uk
POST https://vpn.ucl.ac.uk/
Attempting to connect to server 128.40.125.50:443
SSL negotiation with vpn.ucl.ac.uk
Connected to HTTPS on vpn.ucl.ac.uk
Got HTTP response: HTTP/1.0 302 Object Moved
GET https://vpn.ucl.ac.uk/
Attempting to connect to server 128.40.125.50:443
SSL negotiation with vpn.ucl.ac.uk
Connected to HTTPS on vpn.ucl.ac.uk
Got HTTP response: HTTP/1.0 302 Object Moved
GET https://vpn.ucl.ac.uk/+webvpn+/index.html
SSL negotiation with vpn.ucl.ac.uk
Connected to HTTPS on vpn.ucl.ac.uk
GET https://vpn.ucl.ac.uk/+CSCOE+/sdesktop/wait.html
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
<?xml version="1.0" encoding="ISO-8859-1"?>
<hostscan><status>TOKEN_SUCCESS</status></hostscan>
GET https://vpn.ucl.ac.uk/+CSCOE+/sdesktop/wait.html
SSL negotiation with vpn.ucl.ac.uk
Connected to HTTPS on vpn.ucl.ac.uk
Got HTTP response: HTTP/1.1 302 Moved Temporarily
GET https://vpn.ucl.ac.uk/+webvpn+/index.html
SSL negotiation with vpn.ucl.ac.uk
Connected to HTTPS on vpn.ucl.ac.uk
Please enter your username and password.
Username:


[1] https://github.com/cernekee/openconnect/tree/android-csd
-------------- next part --------------
A non-text attachment was scrubbed...
Name: android_csd.sh
Type: application/x-sh
Size: 814 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20131002/600aac83/attachment.sh>
[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux