SySS-Research / Seth

Perform a MitM attack and extract clear text credentials from RDP connections
MIT License

Index out of range during protocol negotiation when using host name #23

Open tfriesen opened 6 years ago

tfriesen commented 6 years ago

Win X client, Server 2008 R2 server.

Interestingly, if I use the IP instead of the domain name, I get issue #17 instead. On rare occasions, this will 'work', and I get issue #17 again.

(With debug:)

```
[*] Spoofing arp replies...
[*] Turning on IP forwarding...
[*] Set iptables rules for SYN packets...
[*] Waiting for a SYN packet to the original destination...
[+] Got it! Original destination is *
[*] Clone the x509 certificate of the original destination...
[*] Adjust the iptables rule for all packets...
[*] Run RDP proxy...
Warning: The python3 module 'hexdump' is missing. Using hexlify instead.
Listening for new connection
Connection received from **:34673
From client:
```

```
Listening for new connection
Exception in thread Thread-1:
Traceback (most recent call last):
  File "/usr/lib/python3.6/threading.py", line 916, in _bootstrap_inner
    self.run()
  File "/root/src/Seth/seth/main.py", line 37, in run
    self.handle_protocol_negotiation()
  File "/root/src/Seth/seth/main.py", line 100, in handle_protocol_negotiation
    self.save_vars({"RDP_PROTOCOL_OLD": data[-4]})
IndexError: index out of range
```

This would suggest that the socket read on line 98 is returning no data. Confirmed with a print(len(data)) check.

AdrianVollmer commented 5 years ago

If no data is returned, this means the peer has reset the connection. Maybe a pcap file of the connection could tell us more.
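The two comments above describe the same failure from both sides: a `recv()` that returns `b''` (the peer closed the connection before sending anything) followed by an unguarded `data[-4]`, which raises the `IndexError` in the traceback. The snippet below is an added illustration, not code from Seth, that reproduces the crash on an empty buffer and shows the read guarded so that a closed peer is reported instead of killing the handler thread. The sample packet layout (TPKT, X.224 Connection Request, RDP_NEG_REQ with `requestedProtocols` in the last four bytes) follows MS-RDPBCGR, but the bytes are constructed here and the function names are assumptions.

```python
import socket
import struct

# Constructed sample: a minimal X.224 Connection Request carrying an RDP_NEG_REQ.
# The last four bytes are the requestedProtocols field (little-endian), which is
# what an index like data[-4] reaches into.
SAMPLE_CONNECTION_REQUEST = (
    b"\x03\x00\x00\x13"              # TPKT header: version 3, total length 19
    b"\x0e\xe0\x00\x00\x00\x00\x00"  # X.224 CR TPDU: LI=14, CR/CDT, refs, class 0
    b"\x01\x00\x08\x00"              # RDP_NEG_REQ: type=1, flags=0, length=8
    b"\x01\x00\x00\x00"              # requestedProtocols = 1 (PROTOCOL_SSL)
)


def crashes_on_empty_buffer(data: bytes) -> bool:
    """Reproduce the failure mode from the traceback: indexing an empty
    buffer with data[-4] raises IndexError. Returns True if it does."""
    try:
        data[-4]
    except IndexError:
        return True
    return False


def read_negotiation(sock: socket.socket, bufsize: int = 4096):
    """Read the client's first packet from sock.

    Returns None when the peer closed the connection before sending anything:
    recv() signals EOF with b'' rather than raising, so the empty case must be
    checked before any indexing. A TCP reset usually surfaces as
    ConnectionResetError instead, which is mapped to the same result.
    Otherwise returns the requestedProtocols value from the last four bytes.
    """
    try:
        data = sock.recv(bufsize)
    except ConnectionResetError:
        return None
    if not data:
        # EOF: peer sent FIN with no payload. This is the path the issue hit.
        return None
    if len(data) < 4:
        # Short read: refuse to guess instead of indexing past the buffer.
        raise ValueError("short negotiation packet: %d bytes" % len(data))
    return struct.unpack("<I", data[-4:])[0]


def simulate(client_bytes: bytes):
    """Drive read_negotiation() with an in-process peer that sends client_bytes
    and then closes. client_bytes=b'' models a client that connects and
    immediately goes away, which is what an empty recv() looks like."""
    server, client = socket.socketpair()
    try:
        if client_bytes:
            client.sendall(client_bytes)
        client.close()
        return read_negotiation(server)
    finally:
        server.close()


if __name__ == "__main__":
    print("unguarded data[-4] on b'' raises IndexError:", crashes_on_empty_buffer(b""))
    print("peer closed without data ->", simulate(b""))
    print("requestedProtocols from sample ->", simulate(SAMPLE_CONNECTION_REQUEST))
```

In a threaded handler like the one in the traceback, a `None` return is the point at which to log the closed connection and end that thread cleanly; an unguarded index turns every early client disconnect into an uncaught exception, which is why a packet capture of the connection (as suggested above) is the right next step to see who closed it and why.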