On Sun, Jan 4, 2015 at 1:46 AM, Fromzy <fromzy at gmail.com> wrote:
> Thanks Kevin. Really valuable information.
> Unfortunately without help from server side, it's going to be nearly
> impossible to find the good CSD answer.
> And my company has put in place all these mechanism to force us to use the
> "corporate laptop". So they will not accept to explain me how to not use
> it...
I was in a similar situation, and used stunnel 3 + tcpflow to sniff
the CSD response. Then I kept deleting items from the POST response
and narrowed it down to the bare minimum the gateway would accept.
You could also try mitmproxy although that never worked right for me.
My final result was as simple as:
#!/bin/bash
function run_curl
{
curl \
--insecure \
--user-agent "AnyConnect Windows $ver" \
--header "X-Transcend-Version: 1" \
--header "X-Aggregate-Auth: 1" \
--header "X-AnyConnect-Platform: $plat" \
--cookie "sdesktop=$token" \
"$@"
}
set -e
host=https://$CSD_HOSTNAME
plat=win
ver=3.1.00495
token=$CSD_TOKEN
run_curl --data-ascii @- "$host/+CSCOE+/sdesktop/scan.xml?reusebrowser=1" <<-END
endpoint.policy.location="corplaptop";
END
exit 0
The policy name will vary based on how the admins set things up. You
can probably infer it from looking at
https://<HOSTNAME>/CACHE/sdesktop/data.xml
You may have to paste a bunch of extra stuff from the real CSD
response into the POST data.
