alxbl
commented
4 years ago To add to my initial description, here is what this would involve at the minimum:
- [ ] (Maybe) Modify the AttackerMITM to expose a
isHijackedproperty. - [ ] Modify the handler for the disconnect packet (from client) to keep the server-side channel alive when attacker is in progress
- [ ] Ensure that the handler for server disconnection drops the server channel even if there is not matching client
- [ ] Modify the release control behavior so that if the client is gone, a disconnection sequence is sent to the server
Currently, if an intercepted client disconnects while their session is hijacked, PyRDP will ignore the request for disconnect until the RDP client times out, after which point both connections (client - pyrdp and pyrdp - server) are disconnected. Dropping the hijacked session in the process.
It would be nice and not too complicated to disconnect the client smoothly while keeping the hijacked session active.
This would also require minor UI improvements to mark the state of the client (something simple like: idle, active, disconnected) In fact, this might be a whole other feature that ties in with #148 and gives a smoother experience to session hijacking.