AttributeError: 'NoneType' object has no attribute 'encode' #9
Comments
|
Thanks for the bug-report. Fixed in the latest commit. |
|
Hello,
Bye, |
|
I've pushed another change, can you test directly from git or are you using pypi? |
|
Yes, the new patch fix the password problem. Now I get a different error message:
Is this something I can work around? Thank you, |
|
On Thu, Sep 28, 2017 at 03:10:45AM -0700, eppesuig wrote:
Yes, the new patch fix the password problem. Now I get a different error message:
> Login failed (expected MultiChallenge)
Is this something I can work around?
The code currently expects a second password challenge (part of the url
contains MultiChallenge) with a one-time password sent to a mobile
phone -- do you know how your vpn is set up, does it do this second
challenge?
You can run the program with --debug which prints some more information.
You should edit out site-url before posting this to github.
Ralf
--
Dr. Ralf Schlatterbeck Tel: +43/2243/26465-16
Open Source Consulting www: http://www.runtux.com
Reichergasse 131, A-3411 Weidling email: office@runtux.com
|
|
I may connect from Windows and cisco client without any second password.
|
|
On Thu, Sep 28, 2017 at 03:26:50AM -0700, eppesuig wrote:
...
> Login failed (expected MultiChallenge)
> Login failed (no MultiChallenge): https://vpn.XXXX.com/sslvpn/Login/Login
OK, this looks like it's asking for the secondary (phone) password which
is not configured for your instance.
I've refactored this to not ask for the second PW if we don't get a
MultiChallenge response.
Can you check what this is doing now, I'm just guessing here because I
don't have a VPN without a second password to test.
Sorry for the delay, I don't have much time to work on this currently...
Ralf
--
Dr. Ralf Schlatterbeck Tel: +43/2243/26465-16
Open Source Consulting www: http://www.runtux.com
Reichergasse 131, A-3411 Weidling email: office@runtux.com
|
|
Hello RAlf,
Bye, P.S. Don't bother about delays: I am busy too :-) |
|
On Wed, Oct 04, 2017 at 12:15:47AM -0700, eppesuig wrote:
Hello RAlf,
this is the output I get, with debug.
>
> Unexpected response, looking for MultiChallenge or Portal
> purl: https://vpn.XXXXX.com/sslvpn/Login/Login
Looks like it's taking you back to login.
It may well be that I'm missing some parameters in a post request.
Are you able to log in via browser?
In my experiments sometimes logging in via browser, trying to establish
a VPN connection (which fails due to Java problems) and disconnecting
will then make it work with snxconnect -- which indicates I'm still
missing some magic. Can you try this?
That said, are you able to further debug this, I'm using mitmdump from
the mitmproxy.org suite. There is an installer in the download section
on that webside that doesn't need lots of python modules...
You also may be successful just using the snx binary directly. This has
a config-file ~/.snxrc with "server" and "username" settings if you
don't want to specify this on the command-line. On the other hand the
connection stuff in snx uses outdated crypto and may not work with your
vpn -- the undocumented option I'm using is also used by the Java
framework and bypasses the login stuff (which is handled by java or
snxconnect)
% snx --help
Check Point's Linux SNX
build 800007116
usage: snx -s <server> {-u <user>|-c <certfile>} [-l <ca dir>] [-p <port>] [-r] [-g] [-e <cipher>]
run SNX using given arguments
snx -f <cf> run the snx using configuration file
snx run the snx using the ~/.snxrc
snx -d disconnect a running SNX daemon
-s <server> connect to server <server>
-u <user> use the username <user>
-c <certfile> use the certificate file <certfile>
-l <ca dir> get trusted ca's from <ca dir>
-p <port> connect using port <port>
-g enable debugging
-e <cipher> SSL cipher to use: RC4 or 3DES
Ralf
--
Dr. Ralf Schlatterbeck Tel: +43/2243/26465-16
Open Source Consulting www: http://www.runtux.com
Reichergasse 131, A-3411 Weidling email: office@runtux.com
|
|
Hello Ralf,
so, I opened a browser, connected via the proxy to "https://vpn.XXXXX.com/" and saved the SSL certificate. Then, from root, I moved that file in /usr/local/share/ca-certificates/mitmit.crt and ran update-ca-certificates. Now that CA should have been trusted by openssl applications like python. Thank you, |
|
On Wed, Oct 04, 2017 at 07:36:27AM -0700, eppesuig wrote:
Hello Ralf,
I did install debian package mitmproxy and run it. It opened a regular
proxy on localhost:8080. I setup the environment variable
https_proxy=http://localhost:8080 before running your program, and I
got the error message:
> urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:720)>
so, I opened a browser, connected via the proxy to "https://vpn.XXXXX.com/" and saved the SSL certificate. Then, from root, I moved that file in /usr/local/share/ca-certificates/mitmit.crt and ran update-ca-certificates. Now that CA should have been trusted by openssl applications like python.
I ran again your program and got the same error. Do you have any
suggestion on how to proceed?
I had configured mitmproxy so that the local url is http while the
remote url is https. This will work for the whole handshake part
(including doing this in the browser) but of course starting snxvpn on
that connection is impossible.
From my notes:
"
mitmdump -R https://example.com -z -p 6060 --anticache \
--replace='+~hq Host+localhost:6060+example.com' \
--replace='+~hs Set-Cookie+ secure;+' \
--replace='+~hs Location+https://example.com+http://localhost:6060' \
-w outfile
Rewrite cookies to remove secure option so that browser will send back
the cookies via http. Listen to all interfaces not just 127.0.0.1.
"
You should replace example.com with your remote vpn url of course.
The url you connect to (with browser and/or snxconnect) is then
http://localhost:6060
Ralf
--
Dr. Ralf Schlatterbeck Tel: +43/2243/26465-16
Open Source Consulting www: http://www.runtux.com
Reichergasse 131, A-3411 Weidling email: office@runtux.com
|
|
Hello Ralf,
Do you have any idea about what I am doing wrong? Thank you very much, |
|
On Mon, Oct 16, 2017 at 11:53:03PM -0700, eppesuig wrote:
Hello Ralf,
I finally tried your suggestion, but I made some mistake since it did
not start. This is what I've done:
1. start mitmdump as you suggested, changing example.com with my VPN
server site URL
2. connected with this command: "env http_proxy=http://localhost:6060
snxconnect --debug --host localhost:80 --snxpath /usr/bin/snx
--username ***@***.***". This did not use the proxy mitm
proxy and gave error «SSL: WRONG_VERSION_NUMBER»
3. I made the same command with https_proxy instead of http_proxy.
This used mitm proxy and gave error «urlopen error Tunnel
connection failed: 400 Bad Request». I know it uses mitm since mitm
wrote on its stdout «HTTP protocol error in client request: Invalid
HTTP request form (expected: relative, got: authority)».
Do you have any idea about what I am doing wrong?
Hmm, my suggestion was to connect with the browser and see if you are
able to login. The browser wouldn't see a https connection and you would
be able to sniff all the traffic between the browser and the proxy (e.g.
using tcpdump and/or wireshark, I normally use tcpdump to write the dump
to disk and then use wireshark to analyze). You wouldn't set a proxy in
the browser but instead directly connect to localhost:6060.
I've never tried to use ssl with mitmproxy -- you probably would need a
valid certificate for this to work. The main idea is to have the whole
traffic in clear between browser and proxy to be able to look at the
contents (although you can get that with mitmdump, too, but I prefer the
format that I see in wireshark).
Thanks for your patience :-)
Ralf
…--
Dr. Ralf Schlatterbeck Tel: +43/2243/26465-16
Open Source Consulting www: http://www.runtux.com
Reichergasse 131, A-3411 Weidling email: office@runtux.com
|
|
Hi Ralf, could you help me please? I'm trying to connect to Checkpoint VPN using linux, but I am stuck in this error: [root@fedora ~]# snxconnect -D -H vpnti.xxxxxx.com.br -U x213716 --save-cookies I'd appreciate any help |
|
@crschimidtsp I have the same problem, were you able to figure it out? |
|
I'm not sure if this helps but I'm using a fork of this project (https://github.com/agnis-mateuss/snxvpn) and I don't have issues with connecting to a CheckPoint VPN. |
|
@tuxflo Thank you for the link, I tried it (Installing the software, importing the self signed certificate, playing around with the options etc), but I always ended up with a Although I respect and appreciate the time people spend in these projects + helping others, it's like fighting in an already lost battle (No upstream vendor support from Checkpoint) :( |
Hello,
I am testing snxvpn with python3 on a debian stretch machine. I installed the program with pip3 and I installed python3-lxml as well. Now, when I run snxconnect with parameters --host, --snxpath, and --username, I get this error:
Any hint on what to check?
Thank you very much,
Giuseppe
The text was updated successfully, but these errors were encountered: