Skip to content

Commit

Permalink
nla redirection: use certificate of original server
Browse files Browse the repository at this point in the history
  • Loading branch information
spameier committed Dec 21, 2022
1 parent ad70494 commit e44fcc1
Showing 1 changed file with 16 additions and 1 deletion.
17 changes: 16 additions & 1 deletion pyrdp/mitm/RDPMITM.py
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,9 @@
import asyncio
import datetime
import typing
import ssl

from OpenSSL import crypto
from twisted.internet import reactor
from twisted.internet.protocol import Protocol

Expand Down Expand Up @@ -218,7 +220,20 @@ async def connectToServer(self):
self.log.error("Failed to connect to recording host: timeout expired")

def doClientTls(self):
cert = self.server.tcp.transport.getPeerCertificate()
if self.state.isRedirected():
self.log.info(
"Fetching certificate of the original host %(host)s:%(port)d because of NLA redirection",
{
"host": self.state.config.targetHost,
"port": self.state.config.targetPort,
},
)
pem = ssl.get_server_certificate(
(self.state.config.targetHost, self.state.config.targetPort)
)
cert = crypto.load_certificate(crypto.FILETYPE_PEM, pem)
else:
cert = self.server.tcp.transport.getPeerCertificate()
if not cert:
# Wait for server certificate
reactor.callLater(1, self.doClientTls)
Expand Down

0 comments on commit e44fcc1

Please sign in to comment.