
Wrong certificate when using NLA redirection. #423

Open
@spameier

Description

@spameier
Contributor

Right now, when the user connects to an NLA-enforcing server and NLA redirection is active in pyRDP, the client is presented with the certificate of the redirection host.

In my test environment I have two servers: pyrdp-server.pyrdp.local and pyrdp-server-no-nla.pyrdp.local. When the user wants to connect to the NLA-enforcing server, she or he is presented with a warning that the server certificate does not match the requested hostname.

Corresponding output from pyrdp-mitm.py:

$ ./bin/pyrdp-mitm.py --nla-redirection-host pyrdp-server-no-nla.pyrdp.local --nla-redirection-port 3389 pyrdp-server.pyrdp.local
[2022-11-25 12:57:50,595] - INFO - GLOBAL - pyrdp.mitm - Target: pyrdp-server.pyrdp.local:3389
[2022-11-25 12:57:50,595] - INFO - GLOBAL - pyrdp.mitm - Output directory: /home/user/pyrdp-upstream/pyrdp_output
[2022-11-25 12:57:50,596] - INFO - GLOBAL - pyrdp - MITM Server listening on 0.0.0.0:3389
[2022-11-25 12:57:58,778] - INFO - Donald735443 - pyrdp.mitm.connections.tcp - New client connected from 192.168.254.107:50519
[2022-11-25 12:57:58,779] - INFO - Donald735443 - pyrdp.mitm.connections.x224 - Cookie: mstshash=PYRDP-CLI
[2022-11-25 12:57:58,782] - INFO - Donald735443 - pyrdp.mitm.connections.tcp - Server connected
[2022-11-25 12:57:58,786] - INFO - Donald735443 - pyrdp.mitm.connections.x224 - The server forces the use of NLA. Using redirection host: pyrdp-server-no-nla.pyrdp.local:3389
[2022-11-25 12:57:58,786] - INFO - Donald735443 - pyrdp.mitm.connections.x224 - Cookie: mstshash=PYRDP-CLI
[2022-11-25 12:57:58,788] - INFO - Donald735443 - pyrdp.mitm.connections.tcp - Server connected
[2022-11-25 12:57:59,880] - INFO - Donald735443 - pyrdp.mitm.connections.cert - Cloned server certificate to pyrdp_output/certs/pyrdp-server-no-nla.pyrdp.local.crt
[2022-11-25 12:57:59,898] - INFO - Donald735443 - pyrdp.mitm.connections.tcp - Client connection closed. Connection to the other side was lost in a non-clean fashion: Connection lost.
[2022-11-25 12:57:59,899] - INFO - Donald735443 - pyrdp.mitm.connections.tcp - Connection report: report: 1.0, connectionTime: 1.1198546886444092, totalInput: 0, totalOutput: 0, replayFilename: rdp_replay_20221125_12-57-58_778_Donald735443.pyrdp

I think this should be changed. What do you think?
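
The mismatch reported above can be read straight out of the pyrdp-mitm output. The following is an added example, not part of the original issue or of the PyRDP code base: it parses log lines in the layout quoted above and reports sessions where the cloned certificate belongs to a host other than the configured target. It assumes the `.crt` file name reflects the host the certificate was cloned from, as it does in the quoted log; the function name and result keys are hypothetical.

```python
import re
from pathlib import PurePosixPath

# Constructed sample: four lines taken from the pyrdp-mitm output quoted in the issue.
SAMPLE_LOG = """\
[2022-11-25 12:57:50,595] - INFO - GLOBAL - pyrdp.mitm - Target: pyrdp-server.pyrdp.local:3389
[2022-11-25 12:57:58,778] - INFO - Donald735443 - pyrdp.mitm.connections.tcp - New client connected from 192.168.254.107:50519
[2022-11-25 12:57:58,786] - INFO - Donald735443 - pyrdp.mitm.connections.x224 - The server forces the use of NLA. Using redirection host: pyrdp-server-no-nla.pyrdp.local:3389
[2022-11-25 12:57:59,880] - INFO - Donald735443 - pyrdp.mitm.connections.cert - Cloned server certificate to pyrdp_output/certs/pyrdp-server-no-nla.pyrdp.local.crt
"""

# Layout seen in the quoted output: [timestamp] - LEVEL - session - logger - message
LINE = re.compile(r"^\[[^\]]+\] - \w+ - (?P<session>\S+) - \S+ - (?P<msg>.*)$")
TARGET = re.compile(r"^Target: (?P<host>[^:\s]+):\d+$")
REDIRECT = re.compile(r"Using redirection host: (?P<host>[^:\s]+):\d+$")
CLONED = re.compile(r"^Cloned server certificate to (?P<path>\S+)$")


def find_cert_mismatches(log_text):
    """Return one finding per session whose cloned certificate is not the target's.

    Assumption: the .crt file name is the host the certificate was cloned from,
    as in the quoted log. IPv6 literals are not handled.
    """
    target = None
    redirected = {}  # session id -> redirection host
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        session, msg = m["session"], m["msg"]
        if t := TARGET.match(msg):
            target = t["host"].lower()
        elif r := REDIRECT.search(msg):
            redirected[session] = r["host"].lower()
        elif c := CLONED.match(msg):
            cert_host = PurePosixPath(c["path"]).name.removesuffix(".crt").lower()
            if target and cert_host != target:
                findings.append({
                    "session": session,
                    "requested": target,
                    "presented": cert_host,
                    "nla_redirected": redirected.get(session) == cert_host,
                })
    return findings


if __name__ == "__main__":
    for finding in find_cert_mismatches(SAMPLE_LOG):
        print(finding)
```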

Activity

obilodeau commented on Dec 1, 2022

@obilodeau
Collaborator

Yes, very interesting observation and it makes a lot of sense to avoid giving away that hint to the client.

added this to the v1.3.0 milestone on Jun 27, 2023
modified the milestones: v1.3.0, v2.0.1 on Dec 14, 2023
Labels: enhancement (New feature or request)

        Wrong certificate when using NLA redirection. · Issue #423 · GoSecure/pyrdp