On Mon, Mar 23, 2020 at 4:43 PM [email protected] <[email protected]> wrote:
>
> As much as I would like to share the capture, I'm not really sure I
> have the liberty of sharing it? As there could be private information
> contained within it. I know that makes this more difficult for me.

One approach is to try to put together an anonymized document that
describes the protocol abstractly, like I did here for GlobalProtect
as I was studying it:
https://github.com/dlenski/openconnect/blob/master/PAN_GlobalProtect_protocol_doc.md

The good news is that a lot of the information needed to add support
for Cisco IPSEC is probably right there in the headers of the CSTP
connection request/response which we already understand very well. Try
connecting to your server with `openconnect --dump -vvvv`, and start
looking for HTTP headers that mention IPSEC or ESP.

It's all plain text at that point, so it should be quite
straightforward to identify and obfuscate anything that may be
sensitive (e.g. username, password, cookies, secret values).

Dan

_______________________________________________
openconnect-devel mailing list
[email protected]
http://lists.infradead.org/mailman/listinfo/openconnect-devel
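
As an added illustration of the redaction step described in the message above (not part of the original e-mail and not openconnect code): a Python filter that replaces the values of sensitive-looking headers in a saved verbose log and lists the header names that mention IPSEC or ESP. The `<`/`>` line layout, the sensitive-name list and the sample lines are assumptions; `X-Placeholder-ESP-Key` is a made-up header name.

```python
import hashlib
import hmac
import os
import re

# Per-run random key, so tags cannot be brute-forced offline against guesses.
RUN_KEY = os.urandom(16)
# Assumed layout: optional "<" or ">" direction marker, then "Name: value".
HEADER_RE = re.compile(r"^(?P<pre>\s*[<>]?\s*)(?P<name>[A-Za-z][A-Za-z0-9-]*):[ \t]*(?P<value>.*)$")
# Header names treated as sensitive (assumed list; extend for your server).
SENSITIVE_RE = re.compile(r"cookie|secret|key|passw|token|auth|session|username", re.I)
# IPSEC or ESP as a whole word in a header name or value.
INTEREST_RE = re.compile(r"\b(?:ipsec|esp)\b", re.I)

# Constructed sample, not a real capture. X-Placeholder-ESP-Key is a made-up name.
SAMPLE = """\
> Cookie: webvpn=CONSTRUCTED0123456789
> X-CSTP-Version: 1
> X-DTLS-Master-Secret: 00112233CONSTRUCTED
< X-CSTP-Version: 1
< X-Placeholder-ESP-Key: aabbccCONSTRUCTED
< Set-Cookie: webvpn=CONSTRUCTED0123456789
"""


def placeholder(value):
    """Replace a value with a keyed tag; equal values get equal tags."""
    tag = hmac.new(RUN_KEY, value.encode(), hashlib.sha256).hexdigest()[:8]
    # Length is kept because field sizes matter when documenting a protocol.
    return f"<redacted:{tag}:{len(value)}>"


def sanitize(log_text):
    """Return (redacted text, header names that mention IPSEC or ESP)."""
    out, interesting = [], []
    for line in log_text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            name, value = m["name"], m["value"]
            if INTEREST_RE.search(f"{name} {value}") and name not in interesting:
                interesting.append(name)
            if SENSITIVE_RE.search(name) and value:
                line = f"{m['pre']}{name}: {placeholder(value)}"
        out.append(line)
    return "\n".join(out), interesting


if __name__ == "__main__":
    print(sanitize(SAMPLE)[0])
```

Request lines, URLs and message bodies are not touched, so the output still needs a read-through before it is shared.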
