When an iOS OpenVPN user goes to the Import Profile URL screen, what is the expected interaction between the client and the server?
Does the client do a GET? Is the server supposed to respond with a specific document?
What does the ladder diagram for this flow look like?
How would a server need to respond to Import Profile with URL flow?
-
- OpenVpn Newbie
- Posts: 10
- Joined: Wed Jun 05, 2013 5:36 pm
-
- OpenVpn Newbie
- Posts: 10
- Joined: Wed Jun 05, 2013 5:36 pm
Re: How would a server need to respond to Import Profile with URL flow?
So, I did some Burp Suite reverse engineering, and am a bit closer to an answer. But still not clear on what the expected flow is.
When the user first enters the URL and clicks Next, the client does an `HTTP HEAD` with `/?embedded=true`.
In the next screen, I enter a dummy user name and password, and click Import. As a result, I see 2 requests made to the server:
HTTP POST to /RPC2 with Basic Auth and the following XML in the body:
HTTP POST to /RPC2 with Basic Auth and the following XML in the body:
When the user first enters the URL and clicks Next, the client does an `HTTP HEAD` with `/?embedded=true`.
In the next screen, I enter a dummy user name and password, and click Import. As a result, I see 2 requests made to the server:
HTTP POST to /RPC2 with Basic Auth and the following XML in the body:
Code: Select all
<?xml version='1.0'?>
<methodCall>
<methodName>GetSession</methodName>
<params></params>
</methodCall>
Code: Select all
<?xml version='1.0'?>
<methodCall>
<methodName>GetUserlogin</methodName>
<params></params>
</methodCall>