Support for xrdp backend #294
Comments
|
This would be really helpful as I'm also looking to using this in an Ubuntu honeypot running xrdp. |
|
I, unfortunately, don't have a solution for this. |
|
Same ^ |
|
Also wrestling with this error; can't say I have a solution but maybe someone who knows more about xRDP can shed some light on what I've found so far: On page 91 of Microsoft's RDP spec, they lay out the structure for CapabilitySets. As you can see, there is no corresponding type for a value of 6. The structure is mirrored in PyRDP here - Line 409 in 933ca2a It appears from the above stack trace that xRDP has sent a CapabilitySetType of 6, which does not exist. I'm trying to track down where and why this is set in the xRDP source- my best guess so far is here on line 87- https://github.com/neutrinolabs/xrdp/blob/devel/libxrdp/xrdp_caps.c |
|
You could just add an entry in the enum in pyrdp and test. Something like: CAPSTYPE_BOGUS_XRDP = 0x0006and see if everything starts working from there or if something fails |
|
I made that change and am now digging into this error: |
|
I don't understand why but there is no VirtualChannel setup at this point in the connection yet PyRDP assumes there is. Apply this patch. It will test if there's a virtualchannel before trying to disable its compression. diff --git a/pyrdp/mitm/SlowPathMITM.py b/pyrdp/mitm/SlowPathMITM.py
index 0bff4aa..f4e1dd5 100644
--- a/pyrdp/mitm/SlowPathMITM.py
+++ b/pyrdp/mitm/SlowPathMITM.py
@@ -109,5 +109,6 @@ class SlowPathMITM(BasePathMITM):
supported[Order.TS_NEG_DRAWNINEGRID_INDEX] = 0
orders.orderSupport = supported
- pdu.parsedCapabilitySets[CapabilityType.CAPSTYPE_VIRTUALCHANNEL].flags = \
- VirtualChannelCompressionFlag.VCCAPS_NO_COMPR
+ if CapabilityType.CAPSTYPE_VIRTUALCHANNEL in pdu.parsedCapabilitySets:
+ pdu.parsedCapabilitySets[CapabilityType.CAPSTYPE_VIRTUALCHANNEL].flags = \
+ VirtualChannelCompressionFlag.VCCAPS_NO_COMPR |
|
Did the patch get you further? Should I add this to PyRDP? |
|
hey, sorry for not following up sooner, that was very helpful! |
|
Added the patch to master. It will be part of the next release. Leaving this issue open since we are not sure about resolution. |
Improved the situation with GoSecure#294
|
In addition to the two already mentioned patches (this and this, where currently only the latter is merged/released), I also had to change After the changes, a simple pyrdp MITM seems to work (on Linux with XRDP server and Remmina client or FreeRDP client), even though the client shows the following messages (which don't occur when connecting directly to XRDP instead of MITM server): I'm not sure what this might break. Also, I'm not sure whether my patch breaks support for other servers, e.g. on Windows. Could someone check that? I currently only have Linux with XRDP. |
Hello,
Does PyRDP support using the mitm feature in front of a xrdp server? If not, this could help deploy honeypots with a small alpine/ubuntu container acting as RDP backend.
This is the current output when running as a mitm for a ubuntu+xrdp container (it is a bit verbose, sorry):
Cheers!
The text was updated successfully, but these errors were encountered: