search

ancwrd1 / snx-rs

Open Source Linux Client For Check Point VPN Tunnels
GNU Affero General Public License v3.0
117 stars 8 forks source link

Possibility of TOTP support #2

Closed evgenym87 closed 10 months ago

evgenym87 commented 1 year ago

Hello! Is it possible to support the TOTP protocol (for using with the Indeed Key)?

ancwrd1 commented 1 year ago

I guess it is possible if I know the protocol details. Is it username/password + TOTP, just TOTP or something else? You could run the snx-rs -m info -s <serveraddress> and paste the output.

evgenym87 commented 1 year ago

At first I send to checkpoint endpoint in Windows key from Indeed mobile app, then i send password (in two actions, not just password+RSA key in one string). SNX (at least, version that we are using) can't do this, just checkpoint endpoint in Windows.

ancwrd1 commented 1 year ago

Unfortunately the server I have access to isn't configured for this kind of authentication so it's hard to reverse engineer how it works.

You could try getting some information from your Checkpoint server and sharing it here (it's actually public and is obtainable via HTTP call):

snx-rs -m info -s <serveraddress>

It will print the JSON output which contains among other things the details about authentication types. You can filter out any public IP addresses or anything else considered private.

Another possibility is to use mitmproxy (mitmweb) utility and intercept the communication (e.g. by pointing the official application to your PC which runs mitmweb on port 443).

ancwrd1 commented 11 months ago

The current main branch has initial support for MFA codes.

ancwrd1 commented 10 months ago

Marking as done.