How would a server need to respond to Import Profile with URL flow?

Post Reply
hansooloo
OpenVpn Newbie
Posts: 10
Joined: Wed Jun 05, 2013 5:36 pm

How would a server need to respond to Import Profile with URL flow?

Post by hansooloo » Tue Mar 03, 2020 2:33 pm

When an iOS OpenVPN user goes to the Import Profile URL screen, what is the expected interaction between the client and the server?

Does the client do a GET? Is the server supposed to respond with a specific document?

What does the ladder diagram for this flow look like?

hansooloo
OpenVpn Newbie
Posts: 10
Joined: Wed Jun 05, 2013 5:36 pm

Re: How would a server need to respond to Import Profile with URL flow?

Post by hansooloo » Tue Mar 03, 2020 3:21 pm

So, I did some Burp Suite reverse engineering, and am a bit closer to an answer. But still not clear on what the expected flow is.

When the user first enters the URL and clicks Next, the client does an `HTTP HEAD` with `/?embedded=true`.

In the next screen, I enter a dummy user name and password, and click Import. As a result, I see 2 requests made to the server:

HTTP POST to /RPC2 with Basic Auth and the following XML in the body:

Code: Select all

<?xml version='1.0'?>
<methodCall>
  <methodName>GetSession</methodName>
  <params></params>
</methodCall>
HTTP POST to /RPC2 with Basic Auth and the following XML in the body:

Code: Select all

<?xml version='1.0'?>
<methodCall>
  <methodName>GetUserlogin</methodName>
  <params></params>
</methodCall>

Post Reply