-
-
Save halocaridina/99466e4b1d08e57fb9dd to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
-- 1. Create a new generic password entry in Keychain Access called "WHATEVER_AnyConnect_VPN" (the name in Keychain access must match that in line 39 below) with your password for the Cisco AnyConnect VPN server. | |
-- 2. Open this script in Script Editor (both this and the above are in the Applications->Utilities folder) and "Save as.." an Application (.app) with desired name. | |
-- 3. Open Security & Privacy System Preferences, go to Privacy, Accessibility. | |
-- 4. Enable the above .app so it can access Accessibility | |
-- 5. Copy and paste a nice icon on the generic Applescript icon (I used a copy of the default AnyConnect one) | |
-- 6. Add the new .app to /Users/[yourshortname]/Applications with a shortcut to your Dock | |
-- 7. Enjoy the fast connection with no need to enter password and increased security of not having a sensitive password stored as plain text | |
-- 8. Run script again to close connection | |
-- AnyConnect now refered to as targetApp | |
set targetApp to "Cisco AnyConnect Secure Mobility Client" | |
-- Determine if AnyConnect is currently running | |
tell application "System Events" | |
set processExists to exists process targetApp | |
end tell | |
-- Close connection if running; else start connection and fill in password | |
if processExists is true then | |
tell application targetApp | |
quit | |
end tell | |
else | |
tell application targetApp | |
activate | |
end tell | |
tell application "System Events" | |
-- Wait for first window to open. Do nothing. | |
repeat until (window 1 of process targetApp exists) | |
delay 1 | |
end repeat | |
-- You may need to uncomment below if your OpenConnect implementation requires a keystroke to accept the default VPN | |
-- tell process targetApp | |
-- keystroke return | |
-- end tell | |
-- Wait for second window to open and then automatically enter password extracted from your Keychain | |
repeat until (window 2 of process targetApp exists) | |
delay 2 | |
end repeat | |
tell process targetApp | |
-- This is where the the password in the Keychain is accessed for use as input rather than being hardcoded as plain text in other versions of this script out in the wild | |
delay 4 | |
set inString to "WHATEVER_AnyConnect_VPN" | |
set PSWD to do shell script "/usr/bin/security find-generic-password -wl " & quoted form of inString | |
keystroke PSWD as text | |
keystroke return | |
end tell | |
-- Autoclick on "Accept" of AnyConnect Banner window. If you have no welcome banner that needs acceptance, comment out these lines to the first "end tell" below | |
repeat until (window "Cisco AnyConnect - Banner" of process targetApp exists) | |
delay 2 | |
end repeat | |
tell process targetApp | |
keystroke return | |
end tell | |
end tell | |
end if |
Nice script! Check out my menubar app that persists credentials and provides a GUI to connect to the VPN.
https://github.com/bariskalem/NowConnect
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This script is awesome, but it has a major security flaw: since it's just typing into a field, it will actually type into whatever field happens to be in focus, not specifically AnyConnect. I learned this the hard way when I accidentally broadcast my system password into a Slack channel (and immediately had to go change it.)
I wrote a revision that addresses this by explicitly targeting the window and field, and setting the value rather than just typing keystrokes. You might have to adjust the window numbers, etc. if your config is slightly different. I recommend UI Browser (https://pfiddlesoft.com/uibrowser/) to help figure out how to refer to the various elements.