ctxis / RDP-Replay

Replay RDP traffic from PCAP
Apache License 2.0

Unable to play pcap & missing test folder... #6

Closed mertsarica closed 8 years ago

mertsarica commented 8 years ago

Hello,

I am having difficulties playing a pcap file with the RDP Replay tool on Ubuntu 14.04. I extracted the certificate with mimikatz from Windows 7 and also extracted the LSA keys with extractrdpkeys.x86.exe. Neither the -p x509.pem nor the -L HYDRAENC key works. It says:

    ./rdp_replay -r ../../rdp6.pcap -L ../../L\$HYDRAENCKEY_28ada6da-d622-11d1-9cb9-00c04fb16e75.bin
    Processed private key from L$HYDRAENCKEY_28ada6da-d622-11d1-9cb9-00c04fb16e75.bin
    RDP SSL MODE Requested by server!!
    SSL-ERROR: No matching private key found

    ./rdp_replay -r ../../rdp3.pcap -p ../../outfile.pem --no_cksum
    RDP SSL MODE Requested by server!!
    SSL private key found.
    SSL-ERROR: RSA private key decrypt failed

I am not sure what is wrong with it. In order to verify my steps, could you please share your demo1.pem and demo1.pcap, because the Test folder does not exist in your folder?

Regards,

SteveWare commented 8 years ago

This should be done. There is a README in the test directory, but this is what you are interested in:

    rdp_replay -r demo1.pcap -p demo1.pem --no_cksum

I suspect that you do not have the correct private key. Good luck.
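
One way to test the "wrong private key" suspicion before replaying, as an added example that is not part of this thread or of RDP-Replay: compare the public key derived from the candidate private key with the public key in the server's certificate. The function names and file names are hypothetical, the keys and certificate are constructed throwaway samples, and exporting the server certificate from the capture is assumed to be done separately.

```shell
#!/usr/bin/env bash
# Added example: check whether a candidate private key belongs to the
# certificate the RDP server presented. Names and paths are hypothetical.

# Exit status: 0 = key matches certificate, 1 = mismatch, 2 = unreadable input.
key_matches_cert() {
    local key_pub cert_pub
    # Public half derived from the private key (SubjectPublicKeyInfo, PEM).
    # "-passin pass:" stops openssl from prompting if the key is encrypted.
    key_pub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 2
    # Public key embedded in the certificate, in the same encoding.
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# Constructed sample data: two throwaway RSA keys and a self-signed
# certificate for the first one, standing in for the server certificate.
make_samples() {
    local dir="$1"
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null &&
    openssl genrsa -out "$dir/other.key" 2048 2>/dev/null &&
    openssl req -x509 -new -key "$dir/server.key" \
        -subj "/CN=constructed-rdp-host" -days 1 \
        -out "$dir/server.crt" 2>/dev/null
}

# Runs the check against the right key, a wrong key and a missing file.
demo() {
    local dir rc key
    dir=$(mktemp -d) || return 2
    make_samples "$dir" || { rm -rf "$dir"; return 2; }
    for key in server.key other.key missing.key; do
        rc=0
        key_matches_cert "$dir/$key" "$dir/server.crt" || rc=$?
        echo "$key -> exit status $rc"
    done
    rm -rf "$dir"
}

demo
```

A status of 1 for the key passed with -p means the capture was encrypted to a different key pair than the one exported.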