GlobalProtect can send the challenge-based 2FA form in an even stupider way (!411) · Merge requests · OpenConnect VPN projects / OpenConnect

Daniel Lenski requested to merge GlobalProtect_JavaScript_challenge_2FA_wrapped_in_HTML into master Sep 17, 2022

To the previously-known possibilities of XML and JavaScript, we must now add "JavaScript as the body of an HTML document".

From #495 (closed), here's the form in which one GlobalProtect server sends its challenge/2FA form:

<html>
  <head></head>
  <body>
  var respStatus = "Challenge";
  var respMsg = "Enter a passcode or select an option to continue: 1 - Push. Enter &#39;0&#39; to abort.";
  thisForm.inputStr.value = "631e685100000570";
</body>
</html>

Fortunately, this is fairly easy to handle by simply passing the contents of the

tag to parse_javascript(). This also adds production of 2FA challenges in this form to the fake GP server, so that we can test against it.

GlobalProtect can send the challenge-based 2FA form in an even stupider way

Merge request reports