GoSecure / pyrdp

RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact
https://www.gosecure.net/blog/2020/10/20/announcing-pyrdp-1/
GNU General Public License v3.0

Unable to listen connection #226

Closed MMohtasham closed 4 years ago

MMohtasham commented 4 years ago

I am using the command pyrdp-mitm server-ip -i 127.0.0.1 -d port and unable to listen connection, kindly help how to use this?? mitm

alxbl commented 4 years ago

I'm not sure what your question is?

PyRDP listens on 0.0.0.0:3389 by default; the -i and -d flags are meant to configure the address of a listening pyrdp-player instance. You will need to start PyRDP player and configure it with the right listening port so that the MITM is able to connect to it.

If you want to change the listening port for the MITM, you need to use -l (lower case L).

MMohtasham commented 4 years ago

I am facing this problem that pyrdp is just listening all the connections BUT I AM UNABLE TO MAKE A CONNECTION. pyrdp-mitm.py server ip -i listening ip -d port: I am using this syntax with port 3389. Can you please help me to make a connection? Thank you.

alxbl commented 4 years ago

Does it work when you connect directly to the MITM IP? If it doesn't, you most likely have a firewall blocking incoming connections.

If it does work, then everything is fine. The problem is likely that you need a way to redirect clients to your MITM to actually perform interception. PyRDP does not perform ARP spoofing or traffic redirection attacks; it only accepts connections and forwards them. As described in the documentation, you need to use a tool like bettercap or arpspoof to force clients to connect to your MITM instead of the intended server.


EDIT: Note that the instructions in that page document how to use the custom bettercap module, but if you have a single target it might be better to use the latest version of bettercap only for its arp.spoof module.
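
Added example, not part of the thread or of PyRDP: a Python check for the first question in the reply above (does a direct connection to the MITM IP work?). It sends an X.224 Connection Request to the listener and reports whether the port refuses, gives no answer, or answers as RDP; the function names and result labels are assumptions of this example.

```python
import socket
import struct
import sys

# TPKT header + X.224 Connection Request + RDP Negotiation Request
# (requestedProtocols = TLS | CredSSP). 19 bytes in total.
X224_CR = bytes.fromhex("03000013" "0ee00000000000" "0100080003000000")


def parse_confirm(data):
    """Return True if data starts with a TPKT-framed X.224 Connection Confirm."""
    if len(data) < 7:
        return False
    version, _reserved, length = struct.unpack(">BBH", data[:4])
    # Byte 5 is the X.224 TPDU code; 0xD0 means Connection Confirm.
    return version == 3 and length >= 7 and (data[5] & 0xF0) == 0xD0


def probe(host, port=3389, timeout=3.0):
    """Classify how host:port reacts to a direct RDP connection attempt."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"      # host answers, but nothing listens on this port
    except socket.timeout:
        return "filtered"     # no answer at all: packets are likely dropped
    except OSError:
        return "unreachable"  # routing or name resolution problem
    with sock:
        sock.settimeout(timeout)
        try:
            sock.sendall(X224_CR)
            reply = sock.recv(64)
        except OSError:
            return "open-no-rdp"
    return "rdp" if parse_confirm(reply) else "open-no-rdp"


if __name__ == "__main__":
    # Usage: python probe.py <mitm-ip> [port]
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 3389
    print(target, target_port, probe(target, target_port))
```

A result of "filtered" matches the firewall case from the reply, "refused" means no listener on that port (check the port given with -l), and "rdp" means the listener is reachable and the remaining work is client redirection.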

MMohtasham commented 4 years ago

Which firewall is blocking my connection, Ubuntu or Server 2012 R2?

On Thu, May 21, 2020, 17:51 Alexandre Beaulieu notifications@github.com wrote:

Does it work when you connect directly to the MITM IP? If it doesn't, you most likely have a firewall blocking incoming connections.

If it does work, then everything is fine. The problem is likely that you need a way to redirect clients to your MITM to actually perform interception. PyRDP does not perform ARP spoofing or traffic redirection attacks, it only accepts connections and forwards them. As described in the documentation https://github.com/GoSecure/pyrdp/blob/master/docs/bettercap-rdp-mitm.md, you need to use a tool like bettercap or arpspoof to force clients to connect to your MITM instead of the intended server.


alxbl commented 4 years ago

I can't tell you that, you need to check your environment configuration and settings. In any case, I don't think this is an issue with PyRDP itself, so I'm closing it.

Please refer to bettercap's documentation about ARP spoofing and verify your environment to ensure it's set up properly. If you believe you did find a bug, please provide some debug output to help us locate which part of the code is causing the issue.

Thanks,