Skip to content

Wrong certificate when using NLA redirection. #423

New issue
New issue
Open
#424
Open
Wrong certificate when using NLA redirection.#423
#424
Labels
enhancementNew feature or request
Milestone
 
v2.1.1
@spameier

Description

@spameier
spameier
opened on Nov 25, 2022

Right now, when the user connects to an NLA enforcing server and NLA redirection is active in pyRDP, the client is presented with the certificate of the redirection host.

In my test environment i have two servers: pyrdp-server.pyrdp.local and pyrdp-server-no-nla.pyrdp.local. When the user wants to connect to the NLA enforcing server she or he is presented with a warning that the server certificate is not matching the requested hostname.
image

Corresponding output from pyrdp-mitm.py:

$ ./bin/pyrdp-mitm.py --nla-redirection-host pyrdp-server-no-nla.pyrdp.local --nla-redirection-port 3389 pyrdp-server.pyrdp.local
[2022-11-25 12:57:50,595] - INFO - GLOBAL - pyrdp.mitm - Target: pyrdp-server.pyrdp.local:3389
[2022-11-25 12:57:50,595] - INFO - GLOBAL - pyrdp.mitm - Output directory: /home/user/pyrdp-upstream/pyrdp_output
[2022-11-25 12:57:50,596] - INFO - GLOBAL - pyrdp - MITM Server listening on 0.0.0.0:3389
[2022-11-25 12:57:58,778] - INFO - Donald735443 - pyrdp.mitm.connections.tcp - New client connected from 192.168.254.107:50519
[2022-11-25 12:57:58,779] - INFO - Donald735443 - pyrdp.mitm.connections.x224 - Cookie: mstshash=PYRDP-CLI
[2022-11-25 12:57:58,782] - INFO - Donald735443 - pyrdp.mitm.connections.tcp - Server connected
[2022-11-25 12:57:58,786] - INFO - Donald735443 - pyrdp.mitm.connections.x224 - The server forces the use of NLA. Using redirection host: pyrdp-server-no-nla.pyrdp.local:3389
[2022-11-25 12:57:58,786] - INFO - Donald735443 - pyrdp.mitm.connections.x224 - Cookie: mstshash=PYRDP-CLI
[2022-11-25 12:57:58,788] - INFO - Donald735443 - pyrdp.mitm.connections.tcp - Server connected
[2022-11-25 12:57:59,880] - INFO - Donald735443 - pyrdp.mitm.connections.cert - Cloned server certificate to pyrdp_output/certs/pyrdp-server-no-nla.pyrdp.local.crt
[2022-11-25 12:57:59,898] - INFO - Donald735443 - pyrdp.mitm.connections.tcp - Client connection closed. Connection to the other side was lost in a non-clean fashion: Connection lost.
[2022-11-25 12:57:59,899] - INFO - Donald735443 - pyrdp.mitm.connections.tcp - Connection report: report: 1.0, connectionTime: 1.1198546886444092, totalInput: 0, totalOutput: 0, replayFilename: rdp_replay_20221125_12-57-58_778_Donald735443.pyrdp

I think this should be changed, what do you think?

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions