nla redirection: use certificate of original server
spameier committed Jan 12, 2023
1 parent 15de386 commit 57f76c3
Showing 1 changed file with 18 additions and 1 deletion.
19 changes: 18 additions & 1 deletion pyrdp/mitm/RDPMITM.py
Expand Up @@ -7,7 +7,9 @@
import asyncio
import datetime
import typing
import socket

from OpenSSL import SSL, crypto
from twisted.internet import reactor
from twisted.internet.protocol import Protocol

Expand Down Expand Up @@ -218,7 +220,22 @@ async def connectToServer(self):
self.log.error("Failed to connect to recording host: timeout expired")

def doClientTls(self):
cert = self.server.tcp.transport.getPeerCertificate()
if self.state.isRedirected():
self.log.info(
"Fetching certificate of the original host %(host)s:%(port)d because of NLA redirection",
{
"host": self.state.config.targetHost,
"port": self.state.config.targetPort,
},
)
# Use context from pyrdp
context = ClientTLSContext().getContext()
connection = SSL.Connection(context, socket.socket(socket.AF_INET, socket.SOCK_STREAM))
connection.connect((self.state.config.targetHost, self.state.config.targetPort))
connection.do_handshake()
cert = connection.get_peer_certificate()
else:
cert = self.server.tcp.transport.getPeerCertificate()
if not cert:
# Wait for server certificate
reactor.callLater(1, self.doClientTls)
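Review bot: The redirected branch opens a blocking TCP+TLS probe to the original host with no timeout and no error handling, and neither `connection` nor its socket is ever closed — a refused or dropped connection raises `OSError`/`SSL.Error` straight out of `doClientTls` instead of reaching the `callLater` retry below, and a stalled host blocks the calling thread for every session (the `reactor.callLater` retry suggests this runs on the reactor thread). `socket.AF_INET` also fails for a target that only resolves to IPv6. I would bound the connect with `socket.create_connection`, restore a blocking fd for pyOpenSSL's `do_handshake()`, and close the socket in `finally` so the once-per-second retry does not leak a descriptor per attempt; bounding the handshake itself would additionally need a `WantReadError` loop, which the sketch below leaves out. Each retry is also a fresh ClientHello from the MITM host to the original server, which is visible in that server's logs. `doClientTls` continues past the end of the hunk.
```python
            context = ClientTLSContext().getContext()
            target = (self.state.config.targetHost, self.state.config.targetPort)
            sock = None
            try:
                # create_connection resolves IPv4/IPv6 and bounds the TCP connect;
                # pyOpenSSL's do_handshake() expects a blocking fd, so clear the timeout after.
                sock = socket.create_connection(target, timeout=5)
                sock.settimeout(None)
                connection = SSL.Connection(context, sock)
                connection.set_connect_state()
                connection.do_handshake()
                cert = connection.get_peer_certificate()
            except (OSError, SSL.Error) as e:
                self.log.error(
                    "Failed to fetch certificate of %(host)s:%(port)d: %(error)s",
                    {"host": target[0], "port": target[1], "error": e},
                )
                cert = None
            finally:
                if sock is not None:
                    sock.close()
        # … unchanged: else branch and retry via reactor.callLater …
```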
