1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
#!/usr/bin/env python
import argparse
from xml.etree import ElementTree
import sys
import requests
import keyring
import urllib.parse
parser = argparse.ArgumentParser()
parser.add_argument('url', help="URL like https://smc.swivelsecure.net/smc/complete/...")
parser.add_argument('--debug')
args = parser.parse_args()
parsed_url = urllib.parse.urlparse(args.url)
parts = parsed_url.path.split('/')
assert parts[1] == 'smc'
assert parts[2] == 'complete'
user = parts[4]
code = parts[5]
# Yes, they really throw XML in as form-encoded because it just happens to have a = in it...
data = {"<?xml version": "'1.0' ?><SASRequest><Version>3.1</Version><Action>Provision</Action><Username>{}</Username><ProvisionCode>{}</ProvisionCode></SASRequest>".format(user, code)}
user_agent = 'Mozilla/5.0 (Linux; Android 8.1.0; TA-1004 Build/OPR1.170623.026; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/68.0.3440.91 Mobile Safari/537.36'
headers = {
'User-Agent': user_agent,
'Origin': 'file://', # yes, really
# let's invent our own header which is an user agent because we put bullshit in the user agent data
'X-Requested-With': 'com.authcontrolmobile',
}
proxies = {'https': 'http://localhost:8080'} if args.debug else {}
verify = not args.debug
response = requests.post('https://sidv3611virt.hsr.ch/proxy/AgentXML', data=data, headers=headers, proxies=proxies, verify=verify)
response.raise_for_status()
print(response.text)
tree = ElementTree.fromstring(response.text)
assert tree.find('Version').text == '3.6'
assert tree.find('Result').text == 'PASS'
secret = tree.find('Id')
keyring.set_password('hsrvpn-gettokens', user, secret)
|
