Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
tncc-emulate.py: add TNCC_USER_AGENT override variable
See https://gitlab.com/openconnect/openconnect/-/issues/207#note_465454559 for use case and discussion

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
  • Loading branch information
dlenski committed Dec 13, 2020
1 parent 64e9776 commit 9404ac3
Show file tree
Hide file tree
Showing 2 changed files with 16 additions and 6 deletions.
15 changes: 11 additions & 4 deletions trojans/tncc-emulate.py
Expand Up @@ -33,9 +33,14 @@
# https://github.com/russdill/juniper-vpn-py/blame/master/README.host_checker):
#
# TNCC_DEVICE_ID: May need to be overriden to match a known value from a computer
# running the official Windows client software (obtained from the registry key
# running the official client software (on Windows, obtained from the registry key
# \HKEY_CURRENT_USER\Software\Juniper Networks\Device Id)
#
# TNCC_USER_AGENT: May need to be overriden to match a known value from a computer
# running the official Windows client software. For historical reasons, the default
# value is 'Neoteris NC Http'; the value 'DSClient; PulseLinux' is known to be sent
# by the official Pulse Linux client.
#
# TNCC_FUNK: Set TNCC_FUNK=1 to force the use of client machine identification
# (known as "funk" to Juniper). This identification will include host platform,
# a list of network hardware/MAC addresses, and client certificates requested
Expand Down Expand Up @@ -270,7 +275,7 @@ def __init__(self, cert_file):
self.subject = self.decode_names(tbs['subject'])

class tncc(object):
def __init__(self, vpn_host, device_id=None, funk=None, platform=None, hostname=None, mac_addrs=[], certs=[], interval=None):
def __init__(self, vpn_host, device_id=None, funk=None, platform=None, hostname=None, mac_addrs=[], certs=[], interval=None, user_agent=None):
self.vpn_host = vpn_host
self.path = '/dana-na/'

Expand Down Expand Up @@ -304,7 +309,7 @@ def __init__(self, vpn_host, device_id=None, funk=None, platform=None, hostname=
self.br.set_debug_redirects(True)
self.br.set_debug_responses(True)

self.user_agent = 'Neoteris HC Http'
self.user_agent = user_agent
self.br.addheaders = [('User-agent', self.user_agent)]

def find_cookie(self, name):
Expand Down Expand Up @@ -636,6 +641,8 @@ def do_handshake(self, *args, **kw):

platform = os.environ.get('TNCC_PLATFORM', platform.system() + ' ' + platform.release())

user_agent = os.environ.get('TNCC_USER_AGENT', 'Neoteris HC Http')

if 'TNCC_HWADDR' in os.environ:
mac_addrs = [n.strip() for n in os.environ['TNCC_HWADDR'].split(',')]
else:
Expand Down Expand Up @@ -685,7 +692,7 @@ def do_handshake(self, *args, **kw):
# \HKEY_CURRENT_USER\Software\Juniper Networks\Device Id
device_id = os.environ.get('TNCC_DEVICE_ID')

t = tncc(vpn_host, device_id, funk, platform, hostname, mac_addrs, certs, interval)
t = tncc(vpn_host, device_id, funk, platform, hostname, mac_addrs, certs, interval, user_agent)
sock = socket.fromfd(0, socket.AF_UNIX, socket.SOCK_SEQPACKET)
server = tncc_server(sock, t)
while True:
Expand Down
7 changes: 5 additions & 2 deletions www/tncc.xml
Expand Up @@ -50,8 +50,11 @@ the <tt>trojans/</tt> subdirectory:</p>
<li><p><tt>tncc-emulate.py</tt>: This Python 3.x script does <b>not</b> actually run the <tt>tncc.jar</tt> binary.
Instead, it <i>emulates</i> the behaviour of the <tt>tncc.jar</tt> binary, rather than actually
executing it. Because this script does not actually execute a server-provided binary, security concerns are greatly
alleviated. However, it may require customization to work with VPNs that have modified
the behaviour of their Host Checker binaries in some way; consult its source code for details.</p>
alleviated.</p>

<p>It may require configuration or customization to work with VPNs that have modified
the behaviour of their Host Checker binaries in some way; consult its source code for details, starting with the
list of environment variables that may be set to overriden some of the data that it sends to the server.</p>

<p>This script is based entirely on <a href="https://github.com/russdill/juniper-vpn-py"><tt>tncc.py</tt>
from russdill/juniper-vpn-py on GitHub</a>.)</p></li>
Expand Down

0 comments on commit 9404ac3

Please sign in to comment.