On Sun, Jan 4, 2015 at 7:46 AM, Fromzy <fromzy at gmail.com> wrote:
> Kevin,
>
> I followed your idea and I used SSLSPLIT as a mitmproxy. It works like a
> charm and copies every single session to a log file, decrypted. Nice and
> easy.
> I have found the POST you found on your side, and this very long data list
> (endpoint.xxx = "parameter") = more than 800 lines:
> The headers you talked about are not there. Perhaps in newer
> AnyConnect versions it is different, or SSLSPLIT is only recording
> common headers?
> The complete session log is here: http://pastebin.com/nGtcyeKA

Yes, that's it. Mine was a couple hundred lines long too. It's mostly unused; the client sends "everything" and the server picks and chooses what to look at. You can start by using the CSD wrapper script to POST that entire output from openconnect, and if that works, try cutting it in half each time until you find that it's rejecting logins. That will let you narrow down the parts that are really needed. The endpoint.policy.location line is probably mandatory (for me that's the only part it cared about).
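The halving procedure described in the reply above, generalized to a chunked reduction, as an added example that is not part of the original message or of openconnect. The `accepted` callback is hypothetical and stands in for "POST this subset and see whether the login still works"; the sample keys (other than `endpoint.policy.location`) and the stub's required set are constructed for illustration.

```python
from typing import Callable, List

# Constructed sample in the endpoint.xxx = "value" shape mentioned in the thread.
SAMPLE_REPORT = """\
endpoint.os.version = "example-os";
endpoint.policy.location = "Default";
endpoint.example.alpha = "1";
endpoint.example.beta = "2";
endpoint.example.gamma = "3";
endpoint.example.delta = "4";
"""

def report_lines(text: str) -> List[str]:
    """Keep only the endpoint.* assignment lines of a captured report."""
    stripped = (ln.strip() for ln in text.splitlines())
    return [ln for ln in stripped if ln.startswith("endpoint.")]

def minimize(lines: List[str], accepted: Callable[[List[str]], bool]) -> List[str]:
    """Drop chunks the server does not need, halving the chunk size each pass.

    Exact when the server requires a fixed set of lines, independent of the rest.
    """
    if not accepted(lines):
        raise ValueError("full report is rejected; nothing to narrow down")
    chunk = max(1, len(lines) // 2)
    while True:
        i = 0
        while i < len(lines):
            trial = lines[:i] + lines[i + chunk:]
            if accepted(trial):
                lines = trial   # chunk was unneeded; the next chunk slides into i
            else:
                i += chunk      # something in this chunk is required; keep it
        if chunk == 1:
            return lines
        chunk //= 2

# Constructed stand-in for the server's decision (assumption, not real policy).
REQUIRED = ("endpoint.policy.location", "endpoint.os.version")

def stub_accepts(lines: List[str]) -> bool:
    return all(any(ln.startswith(key) for ln in lines) for key in REQUIRED)

if __name__ == "__main__":
    for line in minimize(report_lines(SAMPLE_REPORT), stub_accepts):
        print(line)
```
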