Testing through Cisco Smart Tunnel
Has anyone ever tested an application that required them to use Cisco's Smart Tunnel SSL VPN? This is the quick one liner from Cisco discussing this solution:
"A smart tunnel is a connection between a TCP-based application and a private site, using a clientless (browser-based) SSL VPN session with the security appliance as the pathway and the security appliance as a proxy server."
I'm attempting to perform a test on an internal-only application using Cisco's Smart Tunnel clientless SSL VPN.
If I don't use Burp and just use Wireshark to monitor my traffic, I can run Firefox and log in to the SSL VPN and launch the Smart Tunnel. Then I open a new tab in Firefox and can access the web application. Wireshark shows all this traffic being directed to the IP address of the Cisco VPN host.
If I use Burp, I can use Firefox to login to the VPN and launch the Smart Tunnel. However, when I open a new tab and enter the URL for the application, the traffic gets directed to the IP address that the hostname resolves to and the request times out as the host isn't accessible externally.
I have never dealt with a VPN solution that didn't use some client, alter my route table, and/or show a new network interface/IP address on my host.
Things I have tried that failed:
Added a new proxy listener and enabled invisible proxying
Added the Cisco device as an upstream proxy
In hostname resolution, put the IP address of the Cisco device as the IP of the application I'm testing
If anyone has tested an application while using this "smart tunnel" feature, I would be grateful to know how you configured Burp to be successful. Thank you.
I haven’t ever used the Cisco Smart Tunnel SSL VPN. Getting the browser to send traffic through Burp should be easy enough (either through normal proxy settings or an invisible proxy listener and modified OS hosts file), so I assume that part is working. In terms of getting Burp’s outbound traffic to use the VPN, the most promising of the options you’ve tried is to configure Burp’s hostname resolution settings to map the app’s hostname to the IP of the Cisco device. I would suggest running Wireshark with Burp in this configuration and see what the difference is when compared with not having Burp in place.
We didn’t explore testing applications using the Cisco Smart Tunnel SSL VPN any further. Have you tried using Wireshark with Burp in this configuration and see what the difference is when compared with not having Burp in place?