WIP: Fake RDP server when NLA is enforced #426
spameier wants to merge 22 commits into GoSecure:main
obilodeau left a comment
This is very interesting and in a direction I had never thought of. Great work! I would love to see it in action if you can provide a recorded session.
Missing:
- Impact on dependencies outside of python (X11, TK, Fonts, freerdp-shadow-cli, xfreerdp)
- Documentation
- Handle TODOs and FIXMEs
| if self.state.isRedirected(): | ||
| self.log.info( | ||
| "Fetching certificate of the original host %(host)s:%(port)d because of NLA redirection", | ||
| { | ||
| "host": self.state.config.targetHost, | ||
| "port": self.state.config.targetPort, | ||
| }, | ||
| ) | ||
| pem = ssl.get_server_certificate( | ||
| (self.state.config.targetHost, self.state.config.targetPort) | ||
| ) | ||
| cert = crypto.load_certificate(crypto.FILETYPE_PEM, pem) | ||
| else: | ||
| cert = self.server.tcp.transport.getPeerCertificate() |
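Review bot: the redirected branch calls ssl.get_server_certificate() with no timeout and no error handling, so a slow or unreachable targetHost blocks at this point and any connection or handshake error propagates out of this code path. Pass the timeout argument (available since Python 3.10) and catch OSError, which also covers ssl.SSLError, then log the failure and decide explicitly what certificate to use in that case.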
There are issues with this code that are being looked at in #424
pyrdp/mitm/FakeServer.py
Outdated
| self.entry_password = Entry( | ||
| self.root, | ||
| show="•", | ||
| font=("Segoe UI", 20), |
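Review bot: font=("Segoe UI", 20) hard-codes a font family that ships with Windows, so on other platforms Tk substitutes a fallback font and the rendering depends on what happens to be installed. Consider one of Tk's named fonts such as TkDefaultFont, or make the family a configuration option, so the dialog does not rely on a specific installed font.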
Does this add special dependencies?
Good point! I'm not sure honestly, it's certainly not on my Kali VM and I never exactly looked at it. Also I'm not a fonts expert 😄.
I'm switching to DejaVu Sans but that's not available on Windows I think. I also didn't find a way to only specify a font family (e.g. Sans Serif).
Here's a quick demo:
Thanks for your feedback!
Yes, of course. Using The CI is currently failing because I added the
otherwise checks whether fake server was configured or not fail
This reduces the error message an mstsc client sees from two to one.
before:
- The server name on the certificate is incorrect
- The certificate is not from a trusted certifying authority
after:
- The certificate is not from a trusted certifying authority

As part of a project at school, I extended the existing redirection functionality with a locally hosted RDP server. It works as follows:
So far it's work in progress and has a lot of rough edges, but feedback would be very much appreciated.
Here's a quick demo: