Thanks for the gist, making definite progress. Pulse now connects through mitmdump's proxy. I get some basic logging in the console, but the /tmp dir does not contain any logs using the command in the gist (substituting my Pulse Secure endpoint of course). Any ideas? On Tue, 2018-09-04 at 05:52 -0700, Daniel Lenski wrote: > Sorry, here's the forgotten Gist: > https://gist.github.com/dlenski/33bfa3a8691686d02ddaf7a51843a89a > > On Tue, Sep 4, 2018 at 2:42 AM, Brandon Liles <brandon.liles at gmail.co > m> wrote: > > Client Version: > > Pulse Secure 5.3.4 (1183) > > I did install the root Fiddler MITM cert and Fiddler automatically > creates certs on the fly for the sites you visit for HTTPS decryption > if you've enabled that feature. > > Right now I get stuck just after the following two requests to the > Pulse endpoint, which look like this: > > 1. Results in a 200 > CONNECT xxxxx:443 HTTP/1.1 > User-Agent: Mozilla/4.0 > Host: xxxxx > > 2. Never completes > GET https://xxxxx/ HTTP/1.1 > Host: xxxxx > Connection: keep-alive > User-Agent: odJPAService > Content-type: EAP > Upgrade: IF-T/TLS 1.0 > Content-length: 0 > > > This first CONNECT is just the interaction with the proxy itself, I > think. Probably this second GET is a fake > GET-that-should-really-be-a-CONNECT which the proxy doesn't know how > to handle. Though I can't say I recognize it from my MITM'ing of > Juniper clients past? > > Dan >
