Closed DistantThunder closed 5 months ago
Hi, yeah, I think it's possible but I need to know the requests and responses for MFA codes. The server I have access to doesn't have it enabled unfortunately. If you have a working official client you could use mitmproxy to intercept the traffic:
mitmweb -m reverse:https://serveraddress@443
Then point the official Checkpoint VPN client to https://localhost (or the machine where you run mitmweb), and open a web browser at http://127.0.0.1:8081 to see the traffic.
Hi, I have found some information about MFA exchange, there is a branch called "mfacode", you could check it out, build (with "cargo build", requires Rust compiler) and try.
That should be finished now and part of the main code branch.
Hi & Happy New Year to you!
I found this very promising client to try to solve Checkpoint incompetence about this whole affair.
In my org, they use SMS based MFA.
When using:
sudo snx-rs -t false -N false -u xxx -s yyy -p $pass -l debug -o vpn
I still get the SMS with the MFA code however! So we're close. Do you think it'd be possible to implement a prompt to input the code?
Thank you!