I am working on a launcher tool for Citrix XenApp that can not only connect to a published application or published desktop but can also leverage Citrix Workspace Control to reconnect to disconnected and/or active sessions.

There doesn’t seem to be any sdk that exposed the data we need so I am trying to reproduce what the Citrix online plugi-in does.

I used a HTTP monitoring tool to capture the traffic between the Online plug-in and the Web Interface. First the online plug-in will retrieve the config.xml from the server specified via the Change Server option:

What is the address of the server hosting your published resources? | Server Address | Example: servername (for non-secure connections) | https://servername (for secure connections)

The config.xml is a rather large xml file, the interesting part is the Request.Enumeration (I left out the other data):

From this xml data, the enum.aspx url is taken and another HTTP post is sent to that url which contains the following xml in my case:

Notice that the password is encoded so if we want to replicate the HTTP post data we need to be able to encode (and perhaps decode) the password.

The decoding seems to be named Ctx1 but I couldn’t find any information on how it should be encoded so I had to find it out myself.

I wrote a tool that that can encode and decode the passwords and I suspect the password decoding is the same as used for storing passwords in ica files (I haven’t checked that yet…):

Encrypt | Decrypt Password | Hash | Citrix | Ctx1

The tool can be downloaded below.

Citrix Password Encoding & Decoding Utility (5484 downloads)