RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact
Thanks to the following people who contributed to this release:
Olivier Bilodeau (@obilodeau) and @luciaprime54

Full list of changes follows.

- Command-line tools no longer carry the `.py` suffix. For example, `pyrdp-mitm.py` is now `pyrdp-mitm`.
- `sessionID` changed format from `<firstname><100000-999999>` to `<adjective>_<name>_<1000000-9999999>` (#458)
- `pyrdp-convert` through a Docker container (#455)
- `pkg_resources` deprecation warnings (#416, #440)

Thanks to the following people who contributed to this release:
@kszafran, Mason Shi (@Mas0nShi), Olivier Bilodeau (@obilodeau) and @plonxyz
Release blog post: https://www.gosecure.net/blog/2022/12/23/a-new-pyrdp-release-the-rudolph-desktop-protocol/

- `pyrdp-convert`

Full list of changes follows.

- `shasum` now holds the SHA-256 hash value of files instead of SHA-1 (#389)
- `--ssp-challenge`, allowing more efficient parallel cracking or the use of rainbow tables (#405, #418)
- `pyrdp-convert` video conversion is now 6x faster! (See #349)
- `pyrdp-convert` video format can be viewed during encoding and will play even if the conversion process crashes or is halted (#352, #353)
- `pyrdp-convert` can now handle exported PDUs (decrypted pcaps) with multiple sessions in them (#313, #368)
- `pyrdp-convert` can now extract session information, including keyboard and mouse movement information, in JSON from pcap and PDUs (#331, #366)
- `pyrdp-convert` has better success messages, error reporting and exit status (#361, #369)
- `pyrdp-mitm` added `--address` argument to choose the IP address where PyRDP is listening (#411, #412)
- `pyrdp-player` on macOS platforms (#362)
- `pyrdp-convert` pcap processing when victim IP and MITM IP are the same (#366)
- `pyrdp-convert` segmentation fault in QT in some MP4 conversions (#378, #428, #429)

Thanks to the following people who contributed to this release:
Alexandre Beaulieu (@alxbl), Lisandro Ubiedo (@lubiedo), Francis Labelle (@xshill), Lukas Kupczyk (@lkupczyk), Olivier Bilodeau (@obilodeau), simonhuang (@thelongestusernameofall), Jonas (@spameier) and Flare Systems
Released just in time for our BlackHat USA Arsenal 2021 presentation! Here are the high-level release highlights:

- `pyrdp-convert`

Full list of changes follows.

- `pyrdp-convert` command-line interface change: `--list` is now `--list-only` to better reflect what it does. The short form `-l` didn't change. (#311)
- `hash` is now `shasum` (#302)

Security

Tools

- `pyrdp-convert` now relies on scapy for session reconstruction from a pcap. This is more reliable and can handle multiple sessions at once. (#311, #221)
- `pyrdp-convert` MP4 conversion is now 2x faster! (See #234 and #273)
- `pyrdp-convert` (See #236)
- `pyrdp-convert` (See #274)

MITM

- `--nla-redirection-host` and `--nla-redirection-port` switches (#260, #308)
- `pyrdp_output/logs/ntlmssp.log`, in addition to stdout and JSON. (See #307)
- `HOST_IP` variable is read on start if it exists. You can set it to the IP address of the host running PyRDP. This is mostly helpful when you're using PyRDP in Docker and you want the IP of the Docker host in the logs.
- `pyrdp_output/files` folder (see #261)
- `pyrdp_output/files/tmp` folder
- `pyrdp_output/filesystems/<SESSION_ID>` folders. Files in these folders are symbolic links to files in the `pyrdp_output/files` folder to avoid useless duplication. The symlinks are relative, which allows you to move the folder around without losing the mapping. (See #270, #272 and #299)
- `pyrdp_output/files/tmp/` and mention it in the logs (#333)
- `clientIp` field once a client IP address is known (#321, #326)
- `mapping.json` file, since all the information it would contain can be obtained by checking the `pyrdp_output/filesystems` folder
- `clientPort` field to the message when a new client is connected (#310)
- `TIME_WAIT`
- `--sensor-id` (`-s`) command line argument. It would not work since 1.0. (#279)
- `core.ssl` JSON logs now properly carry the `commonName` and `certFile` variables (#326)

Thanks to the following people who contributed to this release:
Alexandre Beaulieu (@alxbl), @dependabot[bot], @exys228, Francis Labelle (@xshill), Olivier Bilodeau (@obilodeau)
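As an added example (not PyRDP's own code) of how the relative symlinks under `pyrdp_output/filesystems/<SESSION_ID>` described above can be inventoried during triage: the script builds a constructed sample tree, then walks the session folder, checks that each link is relative and still resolves into `pyrdp_output/files`, and computes the SHA-256 of the target (the digest the `shasum` field carries as of the later release). The session ID and file names are hypothetical.

```python
import hashlib
import os
import tempfile
from pathlib import Path
# Constructed stand-in for the content of a file captured during a session.
SAMPLE_BYTES = b"constructed sample of a transferred file"

def build_sample_output(root):
    """Create a minimal pyrdp_output tree (constructed, not a real capture): one
    content file under files/ and one relative symlink to it under filesystems/."""
    files = root / "pyrdp_output" / "files"
    session = root / "pyrdp_output" / "filesystems" / "example_session_1234567"
    files.mkdir(parents=True)
    blob = files / "sample_blob"  # hypothetical name for the stored file
    blob.write_bytes(SAMPLE_BYTES)
    link = session / "C" / "Users" / "victim" / "notes.txt"
    link.parent.mkdir(parents=True)
    # Relative target, so the whole pyrdp_output folder can be moved intact.
    link.symlink_to(os.path.relpath(blob, link.parent))
    return root / "pyrdp_output"

def inventory(output_dir):
    """Walk filesystems/<SESSION_ID>/ and report each symlink: whether it is
    relative, whether it still points inside files/, and the target's SHA-256."""
    output_dir = Path(output_dir)
    fs_root = output_dir / "filesystems"
    files_root = (output_dir / "files").resolve()
    entries = []
    for link in sorted(fs_root.rglob("*")):
        if not link.is_symlink():
            continue
        target = Path(os.readlink(link))
        resolved = (link.parent / target).resolve()
        present = resolved.is_file()
        entries.append({
            "session": link.relative_to(fs_root).parts[0],
            "client_path": str(link.relative_to(fs_root)),
            "relative": not target.is_absolute(),
            "in_files": files_root in resolved.parents,
            "present": present,
            "sha256": hashlib.sha256(resolved.read_bytes()).hexdigest() if present else None,
        })
    return entries

def demo():
    # Build the sample tree in a temporary directory and inventory it.
    return inventory(build_sample_output(Path(tempfile.mkdtemp())))

def expected_sha256():
    return hashlib.sha256(SAMPLE_BYTES).hexdigest()
```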
We added many interesting features in the last couple of months and have used this tool in enough contexts to officially mark it as stable. Some of the noteworthy features are described in our announcement blog post.
This release has a dedicated SecTor 2020 presentation: Achieving PyRDP 1.0 – The Remote Desktop Pwnage MITM and Library.

Tools

- `pyrdp-convert` tool to convert between pcaps, PyRDP replay files and MP4 video files. Read its section in the README for details. See #199, #188 and #170.

Player

- `--headless` mode to output replay data to the terminal. All GUI dependencies are now optional, enabling further Docker image size reduction. See #151, #163 and #190.

MITM

- `-c` and `-k` arguments.
- `--auth ssp` switch. It requires the RDP server's private key, which must be given to PyRDP. See #229 for details.
- `twistd` plugin (#174, #177, #191)
- `replayfilename` to the connection report log entry
- `sessionID` to replay filename
- `--disable-active-clipboard` switch to prevent clipboard request injection
- `--no-downgrade` switch to prevent protocol downgrading where possible (#189)
- `--no-files` switch to prevent extracting transferred files (#195)
- `--no-gdi` switch was added to force the previous behavior (bitmaps). See #50 and #209 for details.
- `pyrdp-mitm` `-slim` variants (#173, #198)
- `pyrdp-mitm -h` to avoid confusing crash on `docker-compose up` (#173)

Thanks to the following people who contributed to this release:
Olivier Bilodeau (@obilodeau), Alexandre Beaulieu (@alxbl), Émilio Gonzalez (@res260), Francis Labelle (@xshill), @robeving, @sotebob
Now with 100% public docker image!
Thanks to the following people who contributed to this release:
Émilio Gonzalez, Francis Labelle, Olivier Bilodeau, Ondrej Gersl

Release just in time for our Derbycon talk!
Thanks to the following people who contributed to this release:
Maxime Carbonneau

A special BlackHat USA Arsenal 2019 release!

- `virtualenv` setup (#110)

Thanks to the following people who contributed to this release:
Maxime Carbonneau, Émilio Gonzalez, Francis Labelle and Olivier Bilodeau

A special NorthSec 2019 release just in time for Francis Labelle and Émilio Gonzalez's talk on PyRDP.

- `virtualenv` (#84)

Thanks to the following people who contributed to this release:
Etienne Lacroix, Olivier Bilodeau, Francis Labelle

Our first release! See our introductory blog post for full details.
Thanks to the following people who contributed to this release:
Francis Labelle, Émilio Gonzalez, CoolAcid
Special thanks to Sylvain Peyrefitte who created RDPy, on which we initially based PyRDP. We eventually had to fork due to drastic changes in order to achieve the capabilities we were interested in building. That said, his initial architecture and base library choices should be recognized as they stood the test of time.