Automatically generate OpenConnect CSD

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Aug 17, 2018 at 7:14 AM, Corey Gilks <coreygilks at gmail.com> wrote:
> All,
>
> I'm not certain if this is the appropriate place for this- if not I
> apologize! I was doing some research on generating openconnect CSD
> files and stumbled upon this discussion:
>
> http://lists.infradead.org/pipermail/openconnect-devel/2015-January/002544.html
>
> I wanted to let everyone know that I have automated this process. It's
> now possible to automatically generate openconnect CSD files in order
> to bypass the Cisco hostscan requirement. Even if the organization is
> not publishing binaries for your specific OS you can still connect.
> You can find the project here:
>
> https://github.com/Gilks/hostscan-bypass
>
> I realize this isn't really a question but I wanted to notify the
> openconnect dev team in case someone asks this again in the future!
>

Very nice! I wish I had known that other people had MITM'ed the
(incredibly dumb) CSD/hostscan binaries? I had literally wasted weeks
trying to work around broken Linux and Windows hostscan binaries.

David Woodhouse recently added a static spoofer script to openconnect:
http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/6eb0a6e3c4e8ae160154a4039a150c4d6a97b7ca

It's basically a version of what your hostscan-bypass does, but with
pre-filled-in values. Seems to get the job done on the Cisco VPNs that
require it? is there any advantage to using a customized version,
other than simply to be more honest in what you're reporting to the
server?



[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux