Hello Kevin,

> > User-Agent: AnyConnect Windows 3.0.07059

> If ocserv requires XML POST submissions, I would suggest tweaking the
> ocserv XML output so that it more closely resembles the structure of
> the document shown above. However, requiring XML POST does break
> compatibility with AnyConnect <=v2.5.

We can use the User-Agent header to distinguish, sending the legacy challenge for the old clients and the XML for the newer AnyConnect clients.

However, my assumption is that the problem is not the format being used, but the fact that newer AnyConnect versions use multiple TCP connections instead of one: one for the username and one for the password, which is killing the state machine in src/worker-auth.c.

If it helps, I can do another man-in-the-middle attack with a fake password and post the pcap here. When you look at that you'll see that it is in fact not one TCP connection but multiple.

Cheers,
Thomas
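Added example, not part of the original message and not ocserv code: a sketch of the User-Agent check proposed above, choosing between the legacy challenge and the XML form with the "<=v2.5" cut-off from the quoted text. The enum, the function names and the fallback to the legacy form for unrecognised headers are assumptions, and the header is client-supplied, so it should only select an output format.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names; these are not ocserv identifiers. */
enum auth_format { AUTH_FMT_LEGACY = 0, AUTH_FMT_XML = 1 };

/*
 * Pull major.minor out of a value shaped like
 * "AnyConnect Windows 3.0.07059". Returns 0 on success, -1 when the
 * header is absent or does not have that shape.
 */
static int parse_anyconnect_version(const char *ua, int *major, int *minor)
{
    static const char prefix[] = "AnyConnect ";
    const char *last;

    if (ua == NULL || strncmp(ua, prefix, sizeof(prefix) - 1) != 0)
        return -1;
    last = strrchr(ua, ' ');          /* version is the last token */
    /* Field widths bound the digits read, so no integer overflow. */
    if (sscanf(last + 1, "%3d.%3d", major, minor) != 2)
        return -1;
    if (*major < 0 || *minor < 0)
        return -1;
    return 0;
}

/*
 * Clients up to and including 2.5 get the legacy challenge, newer ones
 * get XML. Assumption: anything unparseable is treated as legacy.
 */
enum auth_format choose_auth_format(const char *ua)
{
    int major, minor;

    if (parse_anyconnect_version(ua, &major, &minor) != 0)
        return AUTH_FMT_LEGACY;
    if (major > 2 || (major == 2 && minor > 5))
        return AUTH_FMT_XML;
    return AUTH_FMT_LEGACY;
}

int main(void)
{
    /* First value is the header quoted in the thread; the second is constructed. */
    const char *samples[] = { "AnyConnect Windows 3.0.07059",
                              "AnyConnect Windows 2.5.0000" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-32s -> %s\n", samples[i],
               choose_auth_format(samples[i]) == AUTH_FMT_XML ? "xml" : "legacy");
    return 0;
}
```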