
Testing through Cisco Smart Tunnel

PG Jan 19, 2015 09:13PM UTC

Has anyone ever tested an application that required them to use Cisco's Smart Tunnel SSL VPN? This is the quick one-liner from Cisco discussing this solution:
"A smart tunnel is a connection between a TCP-based application and a private site, using a clientless (browser-based) SSL VPN session with the security appliance as the pathway and the security appliance as a proxy server."

I'm attempting to perform a test on an internal-only application using Cisco's Smart Tunnel clientless SSL VPN.

If I don't use Burp and just use Wireshark to monitor my traffic, I can run Firefox and log in to the SSL VPN and launch the Smart Tunnel. Then I open a new tab in Firefox and can access the web application. Wireshark shows all this traffic being directed to the IP address of the Cisco VPN host.

If I use Burp, I can use Firefox to log in to the VPN and launch the Smart Tunnel. However, when I open a new tab and enter the URL for the application, the traffic gets directed to the IP address that the hostname resolves to and the request times out as the host isn't accessible externally.

I have never dealt with a VPN solution that didn't use some client, alter my route table, and/or show a new network interface/IP address on my host.

Things I have tried that failed:
Added a new proxy listener and enabled invisible proxying
Added the Cisco device as an upstream proxy
In hostname resolution, put the IP address of the Cisco device as the IP of the application I'm testing

If anyone has tested an application while using this "smart tunnel" feature, I would be grateful to know how you configured Burp to be successful. Thank you.

Dafydd Stuttard Jan 21, 2015 08:47AM UTC Support Center agent

I haven’t ever used the Cisco Smart Tunnel SSL VPN. Getting the browser to send traffic through Burp should be easy enough (either through normal proxy settings or an invisible proxy listener and modified OS hosts file), so I assume that part is working. In terms of getting Burp’s outbound traffic to use the VPN, the most promising of the options you’ve tried is to configure Burp’s hostname resolution settings to map the app’s hostname to the IP of the Cisco device. I would suggest running Wireshark with Burp in this configuration and seeing what the difference is when compared with not having Burp in place.

PG Jan 21, 2015 02:01PM UTC
Thanks for your response. In the end I was unable to get it to work properly because of the way Smart Tunnel works. This was the first time I had come across this so at least now I know to tell clients that it isn't a proper solution for performing remote application pen tests on their internal resources.

paul nash Mar 06, 2018 03:20PM UTC
Did you ever solve this? I'm looking at testing a mobile app that uses a VPN Tunnel Application.

Liam Tai-Hogan Mar 07, 2018 04:04PM UTC Support Center agent

We didn’t explore testing applications using the Cisco Smart Tunnel SSL VPN any further. Have you tried using Wireshark with Burp in this configuration and seeing what the difference is when compared with not having Burp in place?
