On Sun, Jan 4, 2015 at 1:46 AM, Fromzy <fromzy at gmail.com> wrote: > Thanks Kevin. Really valuable information. > Unfortunately without help from server side, it's going to be nearly > impossible to find the good CSD answer. > And my company has put in place all these mechanism to force us to use the > "corporate laptop". So they will not accept to explain me how to not use > it... I was in a similar situation, and used stunnel 3 + tcpflow to sniff the CSD response. Then I kept deleting items from the POST response and narrowed it down to the bare minimum the gateway would accept. You could also try mitmproxy although that never worked right for me. My final result was as simple as: #!/bin/bash function run_curl { curl \ --insecure \ --user-agent "AnyConnect Windows $ver" \ --header "X-Transcend-Version: 1" \ --header "X-Aggregate-Auth: 1" \ --header "X-AnyConnect-Platform: $plat" \ --cookie "sdesktop=$token" \ "$@" } set -e host=https://$CSD_HOSTNAME plat=win ver=3.1.00495 token=$CSD_TOKEN run_curl --data-ascii @- "$host/+CSCOE+/sdesktop/scan.xml?reusebrowser=1" <<-END endpoint.policy.location="corplaptop"; END exit 0 The policy name will vary based on how the admins set things up. You can probably infer it from looking at https://<HOSTNAME>/CACHE/sdesktop/data.xml You may have to paste a bunch of extra stuff from the real CSD response into the POST data.