=======================================
rdpproxy: Man-in-the-middle RDP sniffer
Matt Chapman <matthewc@cse.unsw.edu.au>
Modified by Erik Forsberg <forsberg at cendio dot se>


NOTE: This is a tool for developers, so it is a bit rough around the
edges :)

RDP4
----
Old Microsoft RDP4 clients should work "out of the box". Although with
this version of rdpproxy, they don't. Umm.. don't know why.

RDP5, Administration mode
-------------------------
You will need to replace tsprivkey.der with the private key from your
Terminal Server. To do this, dump its secrets with Todd Sabin's
lsadump2 (sold separately). Then pass the output of lsadump2 through
extractkey.pl (just dumps that particular secret in binary) and finally
rsa2der.

RDP5, Application mode
----------------------
This works as it should as far as I can see.


=======================================
pparser.py: Parser for turning rdpproxy output into readable form.
Erik Forsberg <forsberg at cendio dot se>

pparser.py can be used to get a more readable form of the packet trace
output by rdpproxy. Just like rdpproxy, it's a developer tool, so its
usability may sometimes be.. uhm.. challenging :-).

pparser.py can output several formats, but basically, only the TXT
format is interesting unless you write a master's thesis :-).

pparser.py can sort out packets based on what channel they occur on,
so it might very well be useful for developing support for new virtual
channels such as sound and local drive redirection.

In order to work, pparser.py expects the directory keymaps to exist in
the current directory. It makes most sense to create a symlink to the
keymaps directory in the rdesktop source directory.