Add Support for Client Fingerprinting

GoSecure / pyrdp

RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact

https://www.gosecure.net/blog/2020/10/20/announcing-pyrdp-1/

GNU General Public License v3.0

1.51k stars 246 forks source link

Add Support for Client Fingerprinting #225

Open Res260 opened 4 years ago

Res260 commented 4 years ago

Log client's monitor extended data

This contains many information about the client's monitors, such as the physical size, orientation and scaling, which can be used to identify users.

Reference: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/dfaf8842-c20c-4626-bd3b-8b7d0463bc0f

alxbl commented 4 years ago

Client Product ID This could be paired with the clientProductDigId from CLIENT_DATA as it could be useful for fingerprinting actors or various tools. There isn't much documentation on the generation of DigIds, though

Res260 commented 4 years ago

When redirecting audio from the server to the client (enabled by default on mstsc), a list of AUDIO_FORMAT is sent from the server to the client, and then from the client to the server. This could maybe be used as a fingerprinting method.

https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpea/53e45199-5629-4352-8617-3dd0347964ee