def buildClipboardChannel(self, mcs: MCSLayer, userID: int, channelID: int) -> MCSServerChannel: """ :type mcs: MCSLayer :param userID: The mcs user that builds the channel :param channelID: The channel ID to use to communicate in that channel :return: MCSServerChannel that handles the Clipboard virtual channel traffic from the client to the MITM. """ # Create all necessary layers channel = MCSServerChannel(mcs, userID, channelID) securityLayer = self.createSecurityLayer() virtualChannelLayer = VirtualChannelLayer() clipboardLayer = ClipboardLayer() Layer.chain(channel, securityLayer, virtualChannelLayer, clipboardLayer) # Create and link the MITM Observer for the server side to the clipboard layer. # Also link both MITM Observers (client and server) so they can send traffic the other way. peer = self.client.getChannelObserver(channelID) passiveClipboardObserver = PassiveClipboardStealer( clipboardLayer, self.recorder, self.log) peer.passiveClipboardObserver = passiveClipboardObserver passiveClipboardObserver.setPeer(peer) clipboardLayer.addObserver(passiveClipboardObserver) return channel
def buildDeviceRedirectionChannel(self, mcs: MCSLayer, userID: int, channelID: int) -> MCSServerChannel: """ :type mcs: MCSLayer :param userID: The mcs user that builds the channel :param channelID: The channel ID to use to communicate in that channel :return: MCSServerChannel that handles the device redirection virtual channel traffic from the client to the MITM. """ # Create all necessary layers channel = MCSServerChannel(mcs, userID, channelID) securityLayer = self.createSecurityLayer() virtualChannelLayer = VirtualChannelLayer( activateShowProtocolFlag=False) deviceRedirectionLayer = DeviceRedirectionLayer() Layer.chain(channel, securityLayer, virtualChannelLayer, deviceRedirectionLayer) # Create and link the MITM Observer for the server side to the device redirection layer. # Also link both MITM Observers (client and server) so they can send traffic the other way. peer = self.client.getChannelObserver(channelID) observer = PassiveFileStealerServer( deviceRedirectionLayer, self.recorder, self.client.deviceRedirectionObserver, self.log) observer.setPeer(peer) deviceRedirectionLayer.addObserver(observer) return channel
def buildClipboardChannel(self, mcs: MCSLayer, userID: int, channelID: int) -> MCSClientChannel: """ :param mcs: The MCS Layer to transport traffic :param userID: The mcs user that builds the channel :param channelID: The channel ID to use to communicate in that channel :return: MCSClientChannel that handles the Clipboard virtual channel traffic from the server to the MITM. """ # Create all necessary layers channel = MCSClientChannel(mcs, userID, channelID) securityLayer = self.createSecurityLayer() virtualChannelLayer = VirtualChannelLayer() clipboardLayer = ClipboardLayer() Layer.chain(channel, securityLayer, virtualChannelLayer, clipboardLayer) # Create and link the MITM Observer for the client side to the clipboard layer. activeClipboardObserver = ActiveClipboardStealer( clipboardLayer, self.recorder, self.log) clipboardLayer.addObserver(activeClipboardObserver) self.channelObservers[channelID] = activeClipboardObserver return channel
def buildDeviceRedirectionChannel(self, mcs: MCSLayer, userID: int, channelID: int) -> MCSClientChannel: """ :param mcs: The MCS Layer to transport traffic :param userID: The mcs user that builds the channel :param channelID: The channel ID to use to communicate in that channel :return: MCSClientChannel that handles the Device redirection virtual channel traffic from the server to the MITM. """ # Create all necessary layers channel = MCSClientChannel(mcs, userID, channelID) securityLayer = self.createSecurityLayer() virtualChannelLayer = VirtualChannelLayer( activateShowProtocolFlag=False) deviceRedirectionLayer = DeviceRedirectionLayer() Layer.chain(channel, securityLayer, virtualChannelLayer, deviceRedirectionLayer) # Create and link the MITM Observer for the client side to the device redirection layer. self.deviceRedirectionObserver = PassiveFileStealerClient( deviceRedirectionLayer, self.recorder, self.log) deviceRedirectionLayer.addObserver(self.deviceRedirectionObserver) self.channelObservers[channelID] = self.deviceRedirectionObserver return channel
def __init__(self, socket): """ :type socket: socket.socket """ Layer.__init__(self) self.socket = socket self.isConnected = True
def __init__(self): RDPConnectionTab.__init__(self, QRemoteDesktop(1024, 768)) self.tcp = AsyncIOTCPLayer() self.tpkt = TPKTLayer() self.message = PlayerMessageLayer() self.eventHandler = PlayerMessageHandler(self.widget, self.text) Layer.chain(self.tcp, self.tpkt, self.message) self.message.addObserver(self.eventHandler)
def __init__(self, reactor: Reactor, log: logging.Logger): self.reactor = reactor self.log = log self.tcp = TCPCertFetchingLayer() self.tpkt = TPKTLayer() self.x224 = X224Layer() Layer.chain(self.tcp, self.tpkt, self.x224) self.tcp.createObserver(onConnection=self.sendConnectionRequest) self.x224.createObserver(onConnectionConfirm=lambda _: self.startTLS())
def buildVirtualChannel(self, mcs, userID, channelID) -> MCSClientChannel: channel = MCSClientChannel(mcs, userID, channelID) securityLayer = self.createSecurityLayer() rawLayer = RawLayer() Layer.chain(channel, securityLayer, rawLayer) observer = MITMVirtualChannelObserver(rawLayer) rawLayer.addObserver(observer) self.channelObservers[channelID] = observer return channel
def buildVirtualChannel(self, mcs: MCSLayer, userID: int, channelID: int) -> MCSServerChannel: channel = MCSServerChannel(mcs, userID, channelID) securityLayer = self.createSecurityLayer() rawLayer = RawLayer() Layer.chain(channel, securityLayer, rawLayer) peer = self.client.getChannelObserver(channelID) observer = MITMVirtualChannelObserver(rawLayer) observer.setPeer(peer) rawLayer.addObserver(observer) return channel
def buildIOChannel(self, mcs: MCSLayer, userID: int, channelID: int) -> MCSServerChannel: encryptionMethod = self.serverData.security.encryptionMethod self.securityLayer = self.createSecurityLayer() self.securityLayer.createObserver( onClientInfoReceived=self.onClientInfoReceived, onSecurityExchangeReceived=self.onSecurityExchangeReceived, onLicensingDataReceived=self.onLicensingDataReceived) slowPathObserver = MITMSlowPathObserver( self.log, self.slowPathLayer, onConfirmActive=self.onConfirmActive) slowPathObserver.setDataHandler(SlowPathDataType.PDUTYPE2_INPUT, self.onInputPDUReceived) clientObserver = self.client.getChannelObserver(channelID) slowPathObserver.setPeer(clientObserver) self.slowPathLayer.addObserver(slowPathObserver) self.slowPathLayer.addObserver(RecordingSlowPathObserver( self.recorder)) fastPathParser = createFastPathParser(self.useTLS, encryptionMethod, self.crypter, ParserMode.SERVER) self.fastPathLayer = FastPathLayer(fastPathParser) fastPathObserver = MITMFastPathObserver(self.log, self.fastPathLayer) fastPathObserver.setPeer(self.client.getFastPathObserver()) self.fastPathLayer.addObserver(fastPathObserver) self.fastPathLayer.addObserver( RecordingFastPathObserver(self.recorder, PlayerMessageType.FAST_PATH_INPUT)) channel = MCSServerChannel(mcs, userID, channelID) Layer.chain(channel, self.securityLayer, self.slowPathLayer) self.segmentation.attachLayer(SegmentationPDUType.FAST_PATH, self.fastPathLayer) if self.useTLS: self.securityLayer.securityHeaderExpected = True return channel
def buildIOChannel(self, mcs: MCSLayer, userID: int, channelID: int) -> MCSClientChannel: encryptionMethod = self.serverData.security.encryptionMethod self.securityLayer = self.createSecurityLayer() self.securityLayer.createObserver( onLicensingDataReceived=self.onLicensingDataReceived) slowPathObserver = MITMSlowPathObserver(self.log, self.slowPathLayer) self.slowPathLayer.addObserver(slowPathObserver) self.slowPathLayer.addObserver(RecordingSlowPathObserver( self.recorder)) self.channelObservers[channelID] = slowPathObserver fastPathParser = createFastPathParser(self.useTLS, encryptionMethod, self.crypter, ParserMode.CLIENT) self.fastPathLayer = FastPathLayer(fastPathParser) self.fastPathObserver = MITMFastPathObserver(self.log, self.fastPathLayer) self.fastPathLayer.addObserver(self.fastPathObserver) self.fastPathLayer.addObserver( RecordingFastPathObserver(self.recorder, PlayerMessageType.FAST_PATH_OUTPUT)) channel = MCSClientChannel(mcs, userID, channelID) Layer.chain(channel, self.securityLayer, self.slowPathLayer) self.segmentation.attachLayer(SegmentationPDUType.FAST_PATH, self.fastPathLayer) if self.useTLS: self.securityLayer.securityHeaderExpected = True elif encryptionMethod != 0: self.log.debug("Sending Security Exchange") self.slowPathLayer.previous.sendSecurityExchange( self.securitySettings.encryptClientRandom()) return channel
def __init__(self, friendlyName: str, targetHost: str, targetPort: int, certificateFileName: str, privateKeyFileName: str, recordHost: str, recordPort: int, replacementUsername: str, replacementPassword: str): MCSUserObserver.__init__(self) self.sessionId = f"{friendlyName}{random.randrange(100000,999999)}" self.log = getLoggerPassFilters( f"{LOGGER_NAMES.MITM_CONNECTIONS}.{self.sessionId}.server") self.metadataFilter = ConnectionMetadataFilter(self, self.sessionId) self.log.addFilter(self.metadataFilter) self.replacementPassword = replacementPassword self.replacementUsername = replacementUsername self.targetHost = targetHost self.targetPort = targetPort self.certificateFileName = certificateFileName self.privateKeyFileName = privateKeyFileName self.clipboardObserver = None self.useTLS = False self.client: MITMClient = None self.clientConnector = None self.originalNegotiationPDU = None self.targetNegotiationPDU = None self.serverData = None self.rc4RSAKey = RSA.generate(2048) self.crypter = RC4CrypterProxy() self.socket = None self.fileHandle = open( "out/rdp_replay_{}_{}.pyrdp".format( datetime.datetime.now().strftime('%Y%m%d_%H-%M-%S'), random.randint(0, 1000)), "wb") rc4Log = getLoggerPassFilters(f"{self.log.name}.rc4") self.securitySettings = SecuritySettings(SecuritySettings.Mode.SERVER) self.securitySettings.addObserver(self.crypter) self.securitySettings.addObserver(RC4LoggingObserver(rc4Log)) self.tcp = TwistedTCPLayer() self.tcp.createObserver(onConnection=self.onConnection, onDisconnection=self.onDisconnection) self.segmentation = SegmentationLayer() self.segmentation.createObserver( onUnknownHeader=self.onUnknownTPKTHeader) self.tpkt = TPKTLayer() self.x224 = X224Layer() self.x224.createObserver(onConnectionRequest=self.onConnectionRequest, onDisconnectRequest=self.onDisconnectRequest) self.mcs = MCSLayer() self.router = MITMServerRouter(self.mcs, self) self.mcs.addObserver(self.router) self.router.createObserver( onConnectionReceived=self.onConnectInitial, onDisconnectProviderUltimatum=self.onDisconnectProviderUltimatum, onAttachUserRequest=self.onAttachUserRequest, onChannelJoinRequest=self.onChannelJoinRequest) self.gcc = GCCParser() self.rdpClientInfoParser = ClientInfoParser() self.rdpClientConnectionParser = ClientConnectionParser() self.rdpServerConnectionParser = ServerConnectionParser() self.securityLayer = None self.slowPathLayer = SlowPathLayer() self.fastPathLayer = None self.tcp.setNext(self.segmentation) self.segmentation.attachLayer(SegmentationPDUType.TPKT, self.tpkt) Layer.chain(self.tpkt, self.x224, self.mcs) if recordHost is not None and recordPort is not None: self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) try: self.socket.connect((recordHost, recordPort)) except socket.error as e: logging.getLogger(LOGGER_NAMES.MITM).error( "Could not connect to liveplayer: %(error)s", {"error": e}) self.socket.close() self.socket = None recordingLayers = [FileLayer(self.fileHandle)] if self.socket is not None: recordingLayers.append(SocketLayer(self.socket)) # Since we're intercepting communications from the original client (so we're a server), # We need to write back the packets as if they came from the client. self.recorder = Recorder(recordingLayers)
def __init__(self, mcs, userID, channelID): MCSChannel.__init__(self, mcs, userID, channelID) Layer.__init__(self) pass
def __init__(self, server, fileHandle: BinaryIO, livePlayerSocket: socket, replacementUsername=None, replacementPassword=None): MCSChannelFactory.__init__(self) self.log = getLoggerPassFilters( f"{LOGGER_NAMES.MITM_CONNECTIONS}.{server.getSessionId()}.client") self.log.addFilter(server.metadataFilter) self.replacementUsername = replacementUsername self.replacementPassword = replacementPassword self.server = server self.channelMap: Dict[int, str] = {} self.channelDefinitions = [] self.channelObservers = {} self.deviceRedirectionObserver = None self.useTLS = False self.user = None self.fastPathObserver = None self.conferenceCreateResponse = None self.serverData = None self.crypter = RC4CrypterProxy() rc4Log = getLoggerPassFilters(f"{self.log.name}.rc4") self.securitySettings = SecuritySettings(SecuritySettings.Mode.CLIENT) self.securitySettings.addObserver(self.crypter) self.securitySettings.addObserver(RC4LoggingObserver(rc4Log)) self.tcp = TwistedTCPLayer() self.tcp.createObserver(onConnection=self.startConnection, onDisconnection=self.onDisconnection) self.segmentation = SegmentationLayer() self.segmentation.createObserver( onUnknownHeader=self.onUnknownTPKTHeader) self.tpkt = TPKTLayer() self.x224 = X224Layer() self.x224.createObserver(onConnectionConfirm=self.onConnectionConfirm, onDisconnectRequest=self.onDisconnectRequest) self.mcs = MCSLayer() self.router = MCSClientRouter(self.mcs, self) self.mcs.addObserver(self.router) self.router.createObserver( onConnectResponse=self.onConnectResponse, onDisconnectProviderUltimatum=self.onDisconnectProviderUltimatum) self.mcsConnect = MCSClientConnectionLayer(self.mcs) self.gccConnect = GCCClientConnectionLayer(b"1") self.gccConnect.createObserver( onPDUReceived=self.onConferenceCreateResponse) self.rdpConnect = ClientConnectionLayer() self.rdpConnect.createObserver(onPDUReceived=self.onServerData) self.securityLayer = None self.slowPathLayer = SlowPathLayer() self.fastPathLayer = None self.tcp.setNext(self.segmentation) self.segmentation.attachLayer(SegmentationPDUType.TPKT, self.tpkt) Layer.chain(self.tpkt, self.x224, self.mcs) Layer.chain(self.mcsConnect, self.gccConnect, self.rdpConnect) record_layers = [FileLayer(fileHandle)] if livePlayerSocket is not None: record_layers.append(SocketLayer(livePlayerSocket)) self.recorder = Recorder(record_layers)
def __init__(self, fileHandle): """ :type fileHandle: BinaryIO """ Layer.__init__(self) self.file_descriptor: BinaryIO = fileHandle
def addTransportLayer(self, transportLayer: Layer): tpktLayer = TPKTLayer() messageLayer = PlayerMessageLayer() Layer.chain(transportLayer, tpktLayer, messageLayer) self.topLayers.append(messageLayer)