On Fri, Aug 17, 2018 at 7:14 AM, Corey Gilks <coreygilks at gmail.com> wrote:
> All,
>
> I'm not certain if this is the appropriate place for this- if not I
> apologize! I was doing some research on generating openconnect CSD
> files and stumbled upon this discussion:
>
> http://lists.infradead.org/pipermail/openconnect-devel/2015-January/002544.html
>
> I wanted to let everyone know that I have automated this process. It's
> now possible to automatically generate openconnect CSD files in order
> to bypass the Cisco hostscan requirement. Even if the organization is
> not publishing binaries for your specific OS you can still connect.
> You can find the project here:
>
> https://github.com/Gilks/hostscan-bypass
>
> I realize this isn't really a question but I wanted to notify the
> openconnect dev team in case someone asks this again in the future!
>

Very nice! I wish I had known that other people had MITM'ed the
(incredibly dumb) CSD/hostscan binaries? I had literally wasted weeks
trying to work around broken Linux and Windows hostscan binaries.

David Woodhouse recently added a static spoofer script to openconnect:

http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/6eb0a6e3c4e8ae160154a4039a150c4d6a97b7ca

It's basically a version of what your hostscan-bypass does, but with
pre-filled-in values. Seems to get the job done on the Cisco VPNs that
require it? Is there any advantage to using a customized version, other
than simply to be more honest in what you're reporting to the server?