Support for 2FA #1

Open
SethCalkins opened this issue May 16, 2017 · 2 comments

@SethCalkins

Our SC uses 2FA in addition to user Pass .. is there any way to implement this?

@jacobeturpin
Owner

Need to investigate how this would be implemented.

As of the latest stable build (6.2.12963), the application's authentication is handled via an ASP.NET web form rather than exposing an API. This issue likely is not a trivial change unless the core product's APIs are altered.

@jacobeturpin
Owner

I was able to get a very rough prototype of this working through a simple script. The following will load the login page, parse for necessary values like the ASPX view state, and submit the appropriate values.

```python
import json
import requests
from bs4 import BeautifulSoup

url = 'https://{removed}.screenconnect.com'
user = 'test'
pwd = '{removed}'


sess = requests.session()

# Step 1: load the login form and read the field names and ASP.NET state values.
r = sess.get(url + '/Login')
soup = BeautifulSoup(r.content, 'html.parser')

user_name_box = soup.find('input', {'id': 'Main_userNameBox'})
un_name = user_name_box.attrs['name']
pwd_box = soup.find('input', {'id': 'Main_passwordBox'})
pwd_name = pwd_box.attrs['name']
view_state = soup.find('input', {'id': '__VIEWSTATE'})
vs_hash = view_state.attrs['value']
vs_generator_box = soup.find('input', {'id': '__VIEWSTATEGENERATOR'})
vs_gen = vs_generator_box.attrs['value']  # submit the hidden field's value

# Step 2: post the username and password (requests omits keys whose value is None).
payload = {
    '__LASTFOCUS': None,
    '__EVENTTARGET': None,
    '__EVENTARGUMENT': None,
    '__VIEWSTATE': vs_hash,
    '__VIEWSTATEGENERATOR': vs_gen,
    un_name: user,
    pwd_name: pwd,
    'ctl00$Main$loginButton': 'Login'
}
r1 = sess.post(url + '/Login', data=payload)
soup2 = BeautifulSoup(r1.content, 'html.parser')

# Step 3: the response is the MFA form; re-read the state values and the code field.
view_state = soup2.find('input', {'id': '__VIEWSTATE'})
vs_hash = view_state.attrs['value']
vs_generator_box = soup2.find('input', {'id': '__VIEWSTATEGENERATOR'})
vs_gen = vs_generator_box.attrs['value']
mfa_box = soup2.find('input', {'id': 'Main_oneTimePasswordBox'})
mfa_name = mfa_box.attrs['name']
mfa_code = input('Enter MFA code:  ')

# Step 4: post the one-time code with the refreshed view state.
payload2 = {
    '__LASTFOCUS': None,
    '__EVENTTARGET': None,
    '__EVENTARGUMENT': None,
    '__VIEWSTATE': vs_hash,
    '__VIEWSTATEGENERATOR': vs_gen,
    mfa_name: mfa_code,
    'ctl00$Main$loginButton': 'Login'
}
r2 = sess.post(url + '/Login', data=payload2)

r3 = sess.get(url + '/Services/PageService.ashx/GetHostSessionInfo')  # Confirm auth w/ this endpoint
print(json.loads(r3.content))

r4 = sess.post(url + '/Login?Reason=7')  # Logout
sess.close()
```

I'll take this and begin refactoring the authentication logic to conditionally check if MFA is present or not, and prompt for MFA if necessary. This will likely only support the user-input code MFA flow at first, as it won't be robust enough to wait for something like Duo's push notifications for consent initially.

@jacobeturpin jacobeturpin removed their assignment Nov 15, 2019
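The conditional MFA check described in the last comment, sketched as an added example (not the project's code): it inspects the response to the password post and builds the second form only when the one-time-password box is present. It uses the standard library's `HTMLParser` in place of BeautifulSoup; the function name, the sample pages and the `ctl00$Main$oneTimePasswordBox` field name are assumptions made for illustration.

```python
from html.parser import HTMLParser

MFA_BOX_ID = 'Main_oneTimePasswordBox'  # element id used in the script above
HIDDEN_IDS = ('__VIEWSTATE', '__VIEWSTATEGENERATOR')

# Constructed sample responses (not captured from a real server).
PAGE_WITH_MFA = '''<form>
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="c2FtcGxl" />
<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="0A1B2C3D" />
<input type="text" name="ctl00$Main$oneTimePasswordBox" id="Main_oneTimePasswordBox" />
</form>'''
PAGE_WITHOUT_MFA = '<html><body><div id="hostPanel"></div></body></html>'


class InputCollector(HTMLParser):
    """Record the attributes of every <input>, keyed by element id."""

    def __init__(self):
        super().__init__()
        self.inputs = {}

    def handle_starttag(self, tag, attrs):
        attr_map = dict(attrs)
        if tag == 'input' and attr_map.get('id'):
            self.inputs[attr_map['id']] = attr_map


def build_mfa_payload(html, prompt=input):
    """Return the form data for the MFA step, or None if no code is requested."""
    collector = InputCollector()
    collector.feed(html)
    box = collector.inputs.get(MFA_BOX_ID)
    if box is None:
        return None  # no one-time-password field: do not prompt
    payload = {}
    for field_id in HIDDEN_IDS:
        field = collector.inputs.get(field_id)
        if field is None or not field.get('value'):
            # Fail closed rather than post a half-built form.
            raise ValueError('MFA form is missing ' + field_id)
        payload[field_id] = field['value']
    code = prompt('Enter MFA code:  ').strip()
    if not code:
        raise ValueError('empty MFA code')
    payload[box['name']] = code
    payload['ctl00$Main$loginButton'] = 'Login'
    return payload
```

A `None` result only means no code was requested; the caller still has to confirm the session, for instance with the `GetHostSessionInfo` request used in the script, because a rejected password also returns a page without the MFA box.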