Citrix脚本使用技巧与实战

1. Get initial logon cookies
𝑐𝑢𝑟𝑙𝑃𝑎𝑡ℎ="𝐶:\cURL"  curlPath="C:\cURL" outputFile = "𝑐𝑢𝑟𝑙𝑃𝑎𝑡ℎ\Login.𝑡𝑥𝑡"  curlPath\Login.txt" cookieJar = "𝑐𝑢𝑟𝑙𝑃𝑎𝑡ℎ\cookie.𝑡𝑥𝑡"  curlPath\cookie.txt" icaProg = "C:\Program Files (x86)\Citrix\ ICA Client\wfica32.exe"
𝑑𝑒𝑙𝑖𝑣𝑒𝑟𝑦𝐺𝑟𝑜𝑢𝑝𝑁𝑎𝑚𝑒="𝑆𝑦𝑠𝐴𝑑𝑚𝑖𝑛𝐴𝑠𝐴𝑆𝑒𝑟𝑣𝑖𝑐𝑒𝐷𝑒𝑠𝑘𝑡𝑜𝑝"  deliveryGroupName="SysAdminAsAServiceDesktop" username = "user@saaas.com"

   $password = "MyPassword"

$step = 1

.\curl.exe --cookie-jar 𝑐𝑜𝑜𝑘𝑖𝑒𝐽𝑎𝑟−−𝑜𝑢𝑡𝑝𝑢𝑡"  cookieJar−−output" (𝑐𝑢𝑟𝑙𝑃𝑎𝑡ℎ)\OUTPUT1.𝑡𝑥𝑡"−−𝑑𝑎𝑡𝑎"𝑙𝑜𝑔𝑖𝑛=  curlPath)\OUTPUT1.txt"−−data"login= (username)&passwd=   username)&passwd=  (password)" --header 'Accept: text/html, application/xhtml+xml, image/jxr, */*' --header 'Referer: https://desktop.saaas.com/vpn/index.html' "https://desktop.saaas.com/cgi/login"
2. /home/configuration - Get CSRF Token & ASP Session ID   password)" --header 'Accept: text/html, application/xhtml+xml, image/jxr, */*' --header 'Referer: https://desktop.saaas.com/vpn/index.html' "https://desktop.saaas.com/cgi/login" 2. /home/configuration - Get CSRF Token & ASP Session ID  step = 2

   .\curl.exe -- request   POST --location --cookie-jar 𝑐𝑜𝑜𝑘𝑖𝑒𝐽𝑎𝑟−−𝑐𝑜𝑜𝑘𝑖𝑒  cookieJar−−cookie cookieJar --output "(  ( curlPath)\OUTPUT2.txt" --dump-header "(  ( curlPath)\CSRF-Token.txt" --cacert "(  ( curlPath)\curl-ca-bundle.crt" --header 'Accept: application/xml, text/xml, */*; q=0.01' --header ' Content  -Length: 0' --header 'X-Citrix-IsUsingHTTPS: Yes' --header 'Referer: https://desktop.saaas.com/Citrix/StoreWeb/' "https://desktop.saaas.com/Citrix/StoreWeb/Home/Configuration"

   3. Find CSRF Token

   $step = 3

ℎ𝑒𝑎𝑑𝑒𝑟𝑠=𝐺𝑒𝑡−𝐶𝑜𝑛𝑡𝑒𝑛𝑡"  headers=Get−Content" (𝑐𝑢𝑟𝑙𝑃𝑎𝑡ℎ)\CSRF−𝑇𝑜𝑘𝑒𝑛.𝑡𝑥𝑡"|𝑆𝑒𝑙𝑒𝑐𝑡−𝑆𝑡𝑟𝑖𝑛𝑔"𝑆𝑒𝑡−𝐶𝑜𝑜𝑘𝑖𝑒:𝐶𝑠𝑟𝑓𝑇𝑜𝑘𝑒𝑛="  curlPath)\CSRF−Token.txt" | Select−String"Set−Cookie:CsrfToken=" csrfToken = (ℎ𝑒𝑎𝑑𝑒𝑟𝑠−𝑠𝑝𝑙𝑖𝑡"="−𝑠𝑝𝑙𝑖𝑡";")[1]𝑒𝑐ℎ𝑜(  headers−split"="−split";")[1]echo( csrfToken)

   3a. Storefront GetAuthMethods - must do this before login

   .\curl.exe --request POST --cookie-jar 𝑐𝑜𝑜𝑘𝑖𝑒𝐽𝑎𝑟−−𝑐𝑜𝑜𝑘𝑖𝑒  cookieJar−−cookie cookieJar --output "(  ( curlPath)\OUTPUT3.txt" --header 'Accept: application/xml, text/xml, */*; q=0.01' --header "Csrf-Token: (  ( csrfToken)" --header 'X-Citrix-IsUsingHTTPS: Yes' --header 'Referer: https://desktop.saaas.com/Citrix/StoreWeb/' --header 'Content-Length: 0' "https://desktop.saaas.com/Citrix/StoreWeb/Authentication/GetAuthMethods"

   4. Storefront login

   $step = 4

.\curl.exe --request POST --cookie-jar 𝑐𝑜𝑜𝑘𝑖𝑒𝐽𝑎𝑟−−𝑐𝑜𝑜𝑘𝑖𝑒  cookieJar−−cookie cookieJar --header 'Accept: application/xml, text/xml, */*; q=0.01' --header "Csrf-Token: (  ( csrfToken)" --header 'X-Citrix-IsUsingHTTPS: Yes' --header 'Referer: https://desktop.saaas.com/Citrix/StoreWeb/' --header 'Content-Length: 0' "https://desktop.saaas.com/Citrix/StoreWeb/GatewayAuth/Login"

   5. List resources  

   $step = 5

.\curl.exe --request POST --cookie-jar 𝑐𝑜𝑜𝑘𝑖𝑒𝐽𝑎𝑟−−𝑐𝑜𝑜𝑘𝑖𝑒  cookieJar−−cookie cookieJar --output "(  ( curlPath)\Resources.json" --header 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' --header 'Accept: application/json, text/javascript, */*; q=0.01' --header "Csrf-Token: (  ( csrfToken)" --header 'X-Citrix-IsUsingHTTPS: Yes' --header 'Referer: https://desktop.saaas.com/Citrix/StoreWeb/' --data "format=json&resourceDetails=Default" "https://desktop.saaas.com/Citrix/StoreWeb/Resources/List"

𝑗=(𝐺𝑒𝑡−𝐶𝑜𝑛𝑡𝑒𝑛𝑡"  j=(Get−Content" curlPath\Resources.json" -Raw) | ConvertFrom-Json 𝑑𝑒𝑠𝑘𝑡𝑜𝑝𝐷𝑒𝑙𝑖𝑣𝑒𝑟𝑦𝐺𝑟𝑜𝑢𝑝=  desktopDeliveryGroup= j.resources | where {\_.name -eq "Sysadmin As A Service Desktop"}
6. Launch URL   \_.name -eq "Sysadmin As A Service Desktop"} 6. Launch URL  step = 6

.\curl.exe --request GET --cookie-jar 𝑐𝑜𝑜𝑘𝑖𝑒𝐽𝑎𝑟−−𝑐𝑜𝑜𝑘𝑖𝑒  cookieJar−−cookie cookieJar --output "(  ( curlPath)\launch.ica" "https://desktop.saaas.com/Citrix/StoreWeb/Resources/LaunchIca/(  ( desktopDeliveryGroup.id).ica?CsrfToken=(  ( csrfToken)&IsUsingHttps=Yes"

   7. Launch Desktop

   $step = 7

Start-Process "(  ( curlPath)\launch.ica"

   Ok, now let's break it down into steps.

Step 1: Login to Netscaler Gateway

This is pretty straightforward - just pass the username & password in the data portion of cURL, and store the cookie in a file.

.\curl.exe --location --cookie-jar 𝑐𝑜𝑜𝑘𝑖𝑒𝐽𝑎𝑟−−𝑜𝑢𝑡𝑝𝑢𝑡"  cookieJar−−output" (𝑐𝑢𝑟𝑙𝑃𝑎𝑡ℎ)\OUTPUT1.𝑡𝑥𝑡"−−𝑑𝑎𝑡𝑎"𝑙𝑜𝑔𝑖𝑛=  curlPath)\OUTPUT1.txt"−−data"login= (username)&passwd=   username)&passwd=  ($password)" --header 'Accept: text/html, application/xhtml+xml, image /jxr, */*' --header 'Referer: https://desktop.saaas.com/vpn/index.html' "https://desktop.saaas.com/cgi/login"

Step 2: Get CSRF Token & ASP.NET session ID

This step is pretty important - it's the first call to our Storefront server, and when we get the CSRF token and ASP.NET session ID. Without these passed into every subsequent call to Storefront, you'll get a 403 Forbidden response.

<div>.\curl.exe --request POST --location --cookie-jar 𝑐𝑜𝑜𝑘𝑖𝑒𝐽𝑎𝑟−−𝑐𝑜𝑜𝑘𝑖𝑒  cookieJar−−cookie cookieJar --output "(  ( curlPath)\OUTPUT2.txt" --dump-header "(  ( curlPath)\CSRF-Token.txt" --cacert "(  ( curlPath)\curl-ca-bundle.crt" --header 'Accept: application/xml, text/xml, */*; q=0.01' --header 'Content-Length: 0' --header 'X-Citrix-IsUsingHTTPS: Yes' --header 'Referer: https://desktop.saaas.com/Citrix/StoreWeb/' "https://desktop.saaas.com/Citrix/StoreWeb/Home/Configuration"

Step 3: Store the CSRF token in a new variable

This takes the response from Step 2 and stores the CSRF token in a new variable.

ℎ𝑒𝑎𝑑𝑒𝑟𝑠=𝐺𝑒𝑡−𝐶𝑜𝑛𝑡𝑒𝑛𝑡"  headers=Get−Content" (𝑐𝑢𝑟𝑙𝑃𝑎𝑡ℎ)\CSRF−𝑇𝑜𝑘𝑒𝑛.𝑡𝑥𝑡"|𝑆𝑒𝑙𝑒𝑐𝑡−𝑆𝑡𝑟𝑖𝑛𝑔"𝑆𝑒𝑡−𝐶𝑜𝑜𝑘𝑖𝑒:𝐶𝑠𝑟𝑓𝑇𝑜𝑘𝑒𝑛="  curlPath)\CSRF−Token.txt" | Select−String"Set−Cookie:CsrfToken=" csrfToken = (headers -split "=" -split ";")\[1\] #echo (   headers -split "=" -split ";")\[1\] #echo (  csrfToken)

Step 3b: Get Authentication Methods from Storefront

Although we know what Authentication method we want to use to log into the Storefront (passthrough from Netscaler Gateway), we still need to initiate GetAuthMethods before Storefront will be ready for us to send a login request.

.\curl.exe --request POST --cookie-jar 𝑐𝑜𝑜𝑘𝑖𝑒𝐽𝑎𝑟−−𝑐𝑜𝑜𝑘𝑖𝑒  cookieJar−−cookie cookieJar --output "(  ( curlPath)\OUTPUT3.txt" --header 'Accept: application/xml, text/xml, */*; q=0.01' --header "Csrf-Token: (  ( csrfToken)" --header 'X-Citrix-IsUsingHTTPS: Yes' --header 'Referer: https://desktop.saaas.com/Citrix/StoreWeb/' --header 'Content-Length: 0' "https://desktop.saaas.com/Citrix/StoreWeb/Authentication/GetAuthMethods"

Step 4: Login to Storefront

Finally, we can login to the Storefront by passing our cookie with our NSC_AAAC token to the Storefront server.

.\curl.exe --request POST --cookie-jar 𝑐𝑜𝑜𝑘𝑖𝑒𝐽𝑎𝑟−−𝑐𝑜𝑜𝑘𝑖𝑒  cookieJar−−cookie cookieJar --header 'Accept: application/xml, text/xml, */*; q=0.01' --header "Csrf-Token: (  ( csrfToken)" --header 'X-Citrix-IsUsingHTTPS: Yes' --header 'Referer: https://desktop.saaas.com/Citrix/StoreWeb/' --header 'Content-Length: 0' "https://desktop.saaas.com/Citrix/StoreWeb/GatewayAuth/Login"

Step 5: List Resources

Now, we request a list of all available resources (Delivery Groups & Published Apps) from the Storefront server. We'll get back a JSON file with names, IDs and launch URLs. Then, we parse the output to select the resource name of our chosen Delivery Group.

.\curl.exe --request POST --cookie-jar 𝑐𝑜𝑜𝑘𝑖𝑒𝐽𝑎𝑟−−𝑐𝑜𝑜𝑘𝑖𝑒  cookieJar−−cookie cookieJar --output "(  ( curlPath)\Resources.json" --header 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' --header 'Accept: application/json, text/javascript, */*; q=0.01' --header "Csrf-Token: (  ( csrfToken)" --header 'X-Citrix-IsUsingHTTPS: Yes' --header 'Referer: https://desktop.saaas.com/Citrix/StoreWeb/' --data "format=json&resourceDetails=Default" "https://desktop.saaas.com/Citrix/StoreWeb/Resources/List"

𝑗=(𝐺𝑒𝑡−𝐶𝑜𝑛𝑡𝑒𝑛𝑡"  j=(Get−Content" curlPath\Resources.json" -Raw) | ConvertFrom-Json 𝑑𝑒𝑠𝑘𝑡𝑜𝑝𝐷𝑒𝑙𝑖𝑣𝑒𝑟𝑦𝐺𝑟𝑜𝑢𝑝=  desktopDeliveryGroup= j.resources | where {_.𝑛𝑎𝑚𝑒−𝑒𝑞  _.name−eq deliveryGroupName}

Step 6: Get Launch.ica file

This is where we request the ICA file of our chosen Delivery Group and save the output as launch.ica

.\curl.exe --request GET --cookie-jar 𝑐𝑜𝑜𝑘𝑖𝑒𝐽𝑎𝑟−−𝑐𝑜𝑜𝑘𝑖𝑒  cookieJar−−cookie cookieJar --output "(  ( curlPath)\launch.ica" "https://desktop.saaas.com/Citrix/StoreWeb/Resources/LaunchIca/(  ( desktopDeliveryGroup.id).ica?CsrfToken=(  ( csrfToken)&IsUsingHttps=Yes"

Step 7: Launch!

Finally, we launch Citrix using wfica32.exe and our launch.ica file

Start-Process "(  ( curlPath)\launch.ica"

Congratulations! You have now logged into & launched a Citrix session using the Storefront API.

For full details on the API documentation - see Citrix SDK Page - you will need a Citrix login to access this :)

免责声明：本文系网络转载或改编，未找到原创作者，版权归原作者所有。如涉及版权，请联系删