def __init__(self):
self.requestedProtocols: Optional[NegotiationProtocols] = None
"""The original request protocols"""
self.useTLS = False
"""Whether the connection uses TLS or not"""
self.securitySettings = SecuritySettings()
"""The security settings for the connection"""
self.channelDefinitions: [ClientChannelDefinition] = []
"""The channel definitions from the client"""
self.channelMap: Dict[int, str] = {}
"""Dictionary of channel names to channel IDs"""
self.rc4RSAKey = RSA.generate(2048)
"""The RSA key for the RC4 key exchange"""
self.crypters = {
ParserMode.CLIENT: RC4CrypterProxy(RC4CrypterProxy.Mode.CLIENT),
ParserMode.SERVER: RC4CrypterProxy(RC4CrypterProxy.Mode.SERVER)
}
"""Crypters for the client and server side"""
self.forwardInput = True
"""Whether input from the client should be forwarded to the server"""
self.forwardOutput = True
"""Whether output from the server should be forwarded to the client"""
self.securitySettings.addObserver(self.crypters[ParserMode.CLIENT])
self.securitySettings.addObserver(self.crypters[ParserMode.SERVER])
def __init__(self, config: MITMConfig, sessionID: str):
self.requestedProtocols: Optional[NegotiationProtocols] = None
"""The original request protocols"""
self.config = config
"""The MITM configuration."""
self.useTLS = False
"""Whether the connection uses TLS or not"""
self.securitySettings = SecuritySettings()
"""The security settings for the connection"""
self.channelDefinitions: [ClientChannelDefinition] = []
"""The channel definitions from the client"""
self.channelMap: Dict[int, str] = {}
"""Dictionary of channel names to channel IDs"""
self.rc4RSAKey = RSA.generate(2048)
"""The RSA key for the RC4 key exchange"""
self.crypters = {
ParserMode.CLIENT: RC4CrypterProxy(RC4CrypterProxy.Mode.CLIENT),
ParserMode.SERVER: RC4CrypterProxy(RC4CrypterProxy.Mode.SERVER)
}
"""Crypters for the client and server side"""
self.forwardInput = True
"""Whether input from the client should be forwarded to the server"""
self.forwardOutput = True
"""Whether output from the server should be forwarded to the client"""
self.loggedIn = False
"""Keep tracks of the client login status"""
self.inputBuffer = ""
"""Used to store what the client types"""
self.credentialsCandidate = ""
"""The potential client password"""
self.shiftPressed = False
"""The current keyboard shift state"""
self.capsLockOn = False
"""The current keyboard capsLock state"""
self.ctrlPressed = False
"""The current keybaord ctrl state"""
self.sessionID = sessionID
"""The current session ID"""
self.securitySettings.addObserver(self.crypters[ParserMode.CLIENT])
self.securitySettings.addObserver(self.crypters[ParserMode.SERVER])
def __init__(self, friendlyName: str, targetHost: str, targetPort: int,
certificateFileName: str, privateKeyFileName: str,
recordHost: str, recordPort: int, replacementUsername: str,
replacementPassword: str):
MCSUserObserver.__init__(self)
self.sessionId = f"{friendlyName}{random.randrange(100000,999999)}"
self.log = getLoggerPassFilters(
f"{LOGGER_NAMES.MITM_CONNECTIONS}.{self.sessionId}.server")
self.metadataFilter = ConnectionMetadataFilter(self, self.sessionId)
self.log.addFilter(self.metadataFilter)
self.replacementPassword = replacementPassword
self.replacementUsername = replacementUsername
self.targetHost = targetHost
self.targetPort = targetPort
self.certificateFileName = certificateFileName
self.privateKeyFileName = privateKeyFileName
self.clipboardObserver = None
self.useTLS = False
self.client: MITMClient = None
self.clientConnector = None
self.originalNegotiationPDU = None
self.targetNegotiationPDU = None
self.serverData = None
self.rc4RSAKey = RSA.generate(2048)
self.crypter = RC4CrypterProxy()
self.socket = None
self.fileHandle = open(
"out/rdp_replay_{}_{}.pyrdp".format(
datetime.datetime.now().strftime('%Y%m%d_%H-%M-%S'),
random.randint(0, 1000)), "wb")
rc4Log = getLoggerPassFilters(f"{self.log.name}.rc4")
self.securitySettings = SecuritySettings(SecuritySettings.Mode.SERVER)
self.securitySettings.addObserver(self.crypter)
self.securitySettings.addObserver(RC4LoggingObserver(rc4Log))
self.tcp = TwistedTCPLayer()
self.tcp.createObserver(onConnection=self.onConnection,
onDisconnection=self.onDisconnection)
self.segmentation = SegmentationLayer()
self.segmentation.createObserver(
onUnknownHeader=self.onUnknownTPKTHeader)
self.tpkt = TPKTLayer()
self.x224 = X224Layer()
self.x224.createObserver(onConnectionRequest=self.onConnectionRequest,
onDisconnectRequest=self.onDisconnectRequest)
self.mcs = MCSLayer()
self.router = MITMServerRouter(self.mcs, self)
self.mcs.addObserver(self.router)
self.router.createObserver(
onConnectionReceived=self.onConnectInitial,
onDisconnectProviderUltimatum=self.onDisconnectProviderUltimatum,
onAttachUserRequest=self.onAttachUserRequest,
onChannelJoinRequest=self.onChannelJoinRequest)
self.gcc = GCCParser()
self.rdpClientInfoParser = ClientInfoParser()
self.rdpClientConnectionParser = ClientConnectionParser()
self.rdpServerConnectionParser = ServerConnectionParser()
self.securityLayer = None
self.slowPathLayer = SlowPathLayer()
self.fastPathLayer = None
self.tcp.setNext(self.segmentation)
self.segmentation.attachLayer(SegmentationPDUType.TPKT, self.tpkt)
Layer.chain(self.tpkt, self.x224, self.mcs)
if recordHost is not None and recordPort is not None:
self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
self.socket.connect((recordHost, recordPort))
except socket.error as e:
logging.getLogger(LOGGER_NAMES.MITM).error(
"Could not connect to liveplayer: %(error)s", {"error": e})
self.socket.close()
self.socket = None
recordingLayers = [FileLayer(self.fileHandle)]
if self.socket is not None:
recordingLayers.append(SocketLayer(self.socket))
# Since we're intercepting communications from the original client (so we're a server),
# We need to write back the packets as if they came from the client.
self.recorder = Recorder(recordingLayers)
def __init__(self,
server,
fileHandle: BinaryIO,
livePlayerSocket: socket,
replacementUsername=None,
replacementPassword=None):
MCSChannelFactory.__init__(self)
self.log = getLoggerPassFilters(
f"{LOGGER_NAMES.MITM_CONNECTIONS}.{server.getSessionId()}.client")
self.log.addFilter(server.metadataFilter)
self.replacementUsername = replacementUsername
self.replacementPassword = replacementPassword
self.server = server
self.channelMap: Dict[int, str] = {}
self.channelDefinitions = []
self.channelObservers = {}
self.deviceRedirectionObserver = None
self.useTLS = False
self.user = None
self.fastPathObserver = None
self.conferenceCreateResponse = None
self.serverData = None
self.crypter = RC4CrypterProxy()
rc4Log = getLoggerPassFilters(f"{self.log.name}.rc4")
self.securitySettings = SecuritySettings(SecuritySettings.Mode.CLIENT)
self.securitySettings.addObserver(self.crypter)
self.securitySettings.addObserver(RC4LoggingObserver(rc4Log))
self.tcp = TwistedTCPLayer()
self.tcp.createObserver(onConnection=self.startConnection,
onDisconnection=self.onDisconnection)
self.segmentation = SegmentationLayer()
self.segmentation.createObserver(
onUnknownHeader=self.onUnknownTPKTHeader)
self.tpkt = TPKTLayer()
self.x224 = X224Layer()
self.x224.createObserver(onConnectionConfirm=self.onConnectionConfirm,
onDisconnectRequest=self.onDisconnectRequest)
self.mcs = MCSLayer()
self.router = MCSClientRouter(self.mcs, self)
self.mcs.addObserver(self.router)
self.router.createObserver(
onConnectResponse=self.onConnectResponse,
onDisconnectProviderUltimatum=self.onDisconnectProviderUltimatum)
self.mcsConnect = MCSClientConnectionLayer(self.mcs)
self.gccConnect = GCCClientConnectionLayer(b"1")
self.gccConnect.createObserver(
onPDUReceived=self.onConferenceCreateResponse)
self.rdpConnect = ClientConnectionLayer()
self.rdpConnect.createObserver(onPDUReceived=self.onServerData)
self.securityLayer = None
self.slowPathLayer = SlowPathLayer()
self.fastPathLayer = None
self.tcp.setNext(self.segmentation)
self.segmentation.attachLayer(SegmentationPDUType.TPKT, self.tpkt)
Layer.chain(self.tpkt, self.x224, self.mcs)
Layer.chain(self.mcsConnect, self.gccConnect, self.rdpConnect)
record_layers = [FileLayer(fileHandle)]
if livePlayerSocket is not None:
record_layers.append(SocketLayer(livePlayerSocket))
self.recorder = Recorder(record_layers)