From 9e9449c54e26a0af59cff1569e64d12d33507249 Mon Sep 17 00:00:00 2001
From: spameier
Date: Fri, 25 Nov 2022 17:12:44 +0100
Subject: [PATCH] nla redirection: use certificate of original server

---
 pyrdp/mitm/RDPMITM.py | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/pyrdp/mitm/RDPMITM.py b/pyrdp/mitm/RDPMITM.py
index 07d1437dc..237b936df 100644
--- a/pyrdp/mitm/RDPMITM.py
+++ b/pyrdp/mitm/RDPMITM.py
@@ -7,7 +7,9 @@
 import asyncio
 import datetime
 import typing
+import ssl

+from OpenSSL import crypto
 from twisted.internet import reactor
 from twisted.internet.protocol import Protocol

@@ -218,7 +220,20 @@ async def connectToServer(self):
 self.log.error("Failed to connect to recording host: timeout expired")

 def doClientTls(self):
- cert = self.server.tcp.transport.getPeerCertificate()
+ if self.state.isRedirected():
+ self.log.info(
+ "Fetching certificate of the original host %(host)s:%(port)d because of NLA redirection",
+ {
+ "host": self.state.config.targetHost,
+ "port": self.state.config.targetPort,
+ },
+ )
+ pem = ssl.get_server_certificate(
+ (self.state.config.targetHost, self.state.config.targetPort)
+ )
+ cert = crypto.load_certificate(crypto.FILETYPE_PEM, pem)
+ else:
+ cert = self.server.tcp.transport.getPeerCertificate()
 if not cert:
 # Wait for server certificate
 reactor.callLater(1, self.doClientTls)
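Review bot: The redirected branch of `doClientTls` calls `ssl.get_server_certificate(...)` synchronously, so the TCP connect and TLS handshake to `targetHost` run inline in a method that is otherwise scheduled through `reactor.callLater`; anything else served by the same reactor would presumably stall until the fetch returns. The call is also made without a timeout (the `timeout=` argument exists only from Python 3.10). Neither that call nor `crypto.load_certificate` is guarded, so an unreachable host or an unparsable PEM raises out of `doClientTls` with no log entry beyond the preceding info line; wrapping the two statements in `try:` … `except (OSError, crypto.Error) as e:` with a `self.log.error(...)` would make the failure visible. Moving the fetch off the reactor thread, for example with `twisted.internet.threads.deferToThread`, would avoid the stall. The body of `doClientTls` continues past the end of this hunk, so how `cert` is consumed afterwards is not visible here.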