
1.0.0

@obilodeau obilodeau released this 17 Nov 20:53

We added many interesting features in the last couple of months and have used this tool in enough contexts to officially mark it as stable.
Some of the noteworthy features are described in our announcement blog post.

This release has a dedicated SecTor 2020 presentation: Achieving PyRDP 1.0 – The Remote Desktop Pwnage MITM and Library.

Enhancements

Tools

Player

  • New --headless mode to output replay data to the terminal.
    All GUI dependencies are now optional, which enables further Docker image size reduction.
    See #151, #163 and #190.
  • Added window scaling support for session replays (#101, #208)

MITM

  • Added support for dynamic certificate cloning when no certificate is specified (#94, #243).
    This is enabled by default and can be overridden through the existing -c and -k arguments.
  • File interception now saves files transferred via clipboard copy/paste (#100)
  • Added a transparent proxy mode in which source and destination packets are left unaltered from the client's and the server's perspective.
    See feature documentation for details and usage examples.
    See also #197, #204, #205 and #239.
  • Added support for Network Level Authentication (NLA) by passing CredSSP authentication untouched.
    Activate it with the --auth ssp switch.
    It requires the RDP server's private key, which must be provided to PyRDP.
    See #229 for details.
  • Support for 32-bit x86 operating systems when not using the graphical interface (#150)
  • Added a twistd plugin (#174, #177, #191)
  • Loosened TLS version checks to allow a broader set of clients and servers (#192, #193)
  • Explicitly disabled TLS 1.3 for now since we don't record TLS 1.3 master secrets yet (#116, #193)
  • Logging can be customized using configuration files (#191)
  • Improvements to log correlation (#180):
    • Added replayfilename to the connection report log entry
    • Added sessionID to replay filename
  • Added several switches to selectively disable features of PyRDP:
    • --disable-active-clipboard switch to prevent clipboard request injection
    • --no-downgrade switch to prevent protocol downgrading where possible (#189)
    • --no-files switch to prevent extracting transferred files (#195)
  • Added support for GDI graphics as the default graphics pipeline.
    The --no-gdi switch was added to force the previous behavior (bitmaps).
    See #50 and #209 for details.

Bug fixes

  • Python 3.8 is now supported after fixing a logging.Formatter misuse (#176)
  • PyRDP no longer creates replay files for sessions with no activity (#169, #207)
  • Fixed stack traces in the player when attempting to print strings ending with a null character (#182)
  • Removed NLA argument from pyrdp-mitm
  • Updated and clarified documentation (#165, #166, #172)

Infrastructure

  • Docker images are now based on Ubuntu 20.04 (#251)
  • Docker image size reduced and split into default and -slim variants (#173, #198)
  • Improved docker caching for faster development iterations (#217, #219)
  • Changed the default docker-compose command to pyrdp-mitm -h to avoid a confusing crash on docker-compose up (#173)
  • Added continuous integration with GitHub Actions that builds docker images and runs basic smoke tests (#194, #201, #202, #253)

Credits

Thanks to the following people who contributed to this release:

Olivier Bilodeau (@obilodeau), Alexandre Beaulieu (@alxbl), Émilio Gonzalez (@Res260), Francis Labelle (@xshill), @robeving, @sotebob