Burp Suite User Forum

Testing through Cisco Smart Tunnel

PG | Last updated: Jan 19, 2015 09:13PM UTC

Has anyone ever tested an application that required them to use Cisco's Smart Tunnel SSL VPN? This is the quick one-liner from Cisco discussing this solution: "A smart tunnel is a connection between a TCP-based application and a private site, using a clientless (browser-based) SSL VPN session with the security appliance as the pathway and the security appliance as a proxy server."

I'm attempting to perform a test on an internal-only application using Cisco's Smart Tunnel clientless SSL VPN. If I don't use Burp and just use Wireshark to monitor my traffic, I can run Firefox and log in to the SSL VPN and launch the Smart Tunnel. Then I open a new tab in Firefox and can access the web application. Wireshark shows all this traffic being directed to the IP address of the Cisco VPN host.

If I use Burp, I can use Firefox to log in to the VPN and launch the Smart Tunnel. However, when I open a new tab and enter the URL for the application, the traffic gets directed to the IP address that the hostname resolves to and the request times out as the host isn't accessible externally. I have never dealt with a VPN solution that didn't use some client, alter my route table, and/or show a new network interface/IP address on my host.

Things I have tried that failed:

- Added a new proxy listener and enabled invisible proxying
- Added the Cisco device as an upstream proxy
- In hostname resolution, put the IP address of the Cisco device as the IP of the application I'm testing

If anyone has tested an application while using this "smart tunnel" feature, I would be grateful to know how you configured Burp to be successful. Thank you.

PortSwigger Agent | Last updated: Jan 20, 2015 09:19AM UTC

I haven't ever used the Cisco Smart Tunnel SSL VPN. Getting the browser to send traffic through Burp should be easy enough (either through normal proxy settings or an invisible proxy listener and modified OS hosts file), so I assume that part is working. In terms of getting Burp's outbound traffic to use the VPN, the most promising of the options you've tried is to configure Burp's hostname resolution settings to map the app's hostname to the IP of the Cisco device. I would suggest running Wireshark with Burp in this configuration and seeing what the difference is when compared with not having Burp in place.

Burp User | Last updated: Jan 21, 2015 02:01PM UTC

Thanks for your response. In the end I was unable to get it to work properly because of the way Smart Tunnel works. This was the first time I had come across this so at least now I know to tell clients that it isn't a proper solution for performing remote application pen tests on their internal resources.

Liam, PortSwigger Agent | Last updated: Jan 21, 2015 02:21PM UTC

We didn't explore testing applications using the Cisco Smart Tunnel SSL VPN any further. Have you tried using Wireshark with Burp in this configuration to see what the difference is when compared with not having Burp in place?

Burp User | Last updated: Mar 06, 2018 03:20PM UTC

Did you ever solve this? I'm looking at testing a mobile app that uses a VPN Tunnel Application.
