Closed gpavinteractiv closed 7 months ago
To my understanding, tunneling UDP over SSH isn't straightforward and requires additional effort. Meanwhile, Microsoft Terminal Services Client (MSTSC) utilizes UDP when available. To address potential issues, consider disabling UDP support in the configuration file and observe if this resolves the problem.
I have disabled UDP for the RDP client:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Policies \ Microsoft \ Windows NT \ Terminal Services \ Client \ fClientDisableUDP : 1
I still get the same error:
2024-02-29 10:22:22.3606|INFO|ProxiFyre.ProxiFyreService|Successfully associated mstsc to 192.168.0.5:6666 SOCKS5 proxy with protocols TCP!
2024-02-29 10:22:22.3791|INFO|ProxiFyre.ProxiFyreService|Successfully associated C:\Windows\SysWOW64\mstsc.exe to 192.168.0.5:6666 SOCKS5 proxy with protocols TCP!
2024-02-29 10:22:22.4251|INFO|ProxiFyre.ProxiFyreService|ProxiFyre Service is running...
2024-02-29 10:22:23.3591|INFO|ProxiFyre.ProxiFyreService|29/02/2024 09:22:22::Message::Creating SOCKS5 Local Router instance...::0
2024-02-29 10:22:23.3591|INFO|ProxiFyre.ProxiFyreService|29/02/2024 09:22:22::Message::SOCKS5 Local Router instance successfully created.::0
2024-02-29 10:22:23.3591|INFO|ProxiFyre.ProxiFyreService|29/02/2024 09:22:22::Message::Local TCP proxy for 192.168.0.5:6666 is listening port: 52699::0
2024-02-29 10:22:23.3591|INFO|ProxiFyre.ProxiFyreService|29/02/2024 09:22:22::Message::socks5_local_router:: Detected default interface {B82AB05F-6715-4E51-BE24-3C38BB33D86C}::0
2024-02-29 10:22:23.3591|INFO|ProxiFyre.ProxiFyreService|29/02/2024 09:22:22::Message::SOCKS5 Local Router instance started successfully.::0
2024-02-29 10:22:31.4288|INFO|ProxiFyre.ProxiFyreService|29/02/2024 09:22:30::Message::Redirecting TCP: 192.168.0.10 : 52704 -> 10.9.80.181 : 3389::0
2024-02-29 10:22:31.4288|INFO|ProxiFyre.ProxiFyreService|29/02/2024 09:22:30::Message::NEW TCP: 192.168.0.10 : 52704 -> 10.9.80.181 : 3389::0
2024-02-29 10:22:31.4288|INFO|ProxiFyre.ProxiFyreService|29/02/2024 09:22:30::Message::TCP Redirect entry was found for the 10.9.80.181 : 52704 is 10.9.80.181 : 3389::0
2024-02-29 10:22:31.4288|INFO|ProxiFyre.ProxiFyreService|29/02/2024 09:22:30::Message::tcp_proxy_server: connect_to_remote_host: 192.168.0.5 : 6666::0
2024-02-29 10:22:33.4538|INFO|ProxiFyre.ProxiFyreService|29/02/2024 09:22:32::Message::DELETE TCP: 52704 -> 10.9.80.181 : 3389::0
I have finally found some time to test a similar setup, and it worked perfectly. I created an app-config.json file with the following content:
{
  "logLevel": "None",
  "proxies": [
    {
      "appNames": ["firefox", "mstsc"],
      "socks5ProxyEndpoint": "127.0.0.1:8080",
      "supportedProtocols": ["TCP"]
    }
  ]
}
Then, I connected to the remote Linux machine via SSH using ssh mysshhost.com -D8080. Next, I started ProxiFyre and initiated a Remote Desktop session to a Windows machine, which is on the same LAN as the Linux host. Everything worked flawlessly.
I'm unsure of the specific cause of your issues, but it might be beneficial to capture and analyze network traffic, as this could potentially illuminate the underlying problem. When you set the logging level to 'All', you should be able to obtain a pcap file in addition to the standard text logs. From the snippet of the log you provided, it seems that the attempt to connect through the SOCKS proxy was either unsuccessful or the connection was dropped.
Here is a log snippet from the successful session:
2024-03-02 09:57:22.5143|INFO|ProxiFyre.ProxiFyreService|3/2/2024 8:57:21 AM::Message::Redirecting TCP: 192.168.3.134 : 60117 -> 192.168.1.5 : 3389::0
2024-03-02 09:57:22.5143|INFO|ProxiFyre.ProxiFyreService|3/2/2024 8:57:21 AM::Message::NEW TCP: 192.168.3.134 : 60117 -> 192.168.1.5 : 3389::0
2024-03-02 09:57:22.5143|INFO|ProxiFyre.ProxiFyreService|3/2/2024 8:57:21 AM::Message::TCP Redirect entry was found for the 192.168.1.5 : 60117 is 192.168.1.5 : 3389::0
2024-03-02 09:57:22.5143|INFO|ProxiFyre.ProxiFyreService|3/2/2024 8:57:21 AM::Message::tcp_proxy_server: connect_to_remote_host: 127.0.0.1 : 8080::0
2024-03-02 09:57:22.5143|INFO|ProxiFyre.ProxiFyreService|3/2/2024 8:57:21 AM::Message::tcp_proxy_socket: process_receive_buffer_complete: data received from locally connected socket: 47::0
2024-03-02 09:57:22.5143|INFO|ProxiFyre.ProxiFyreService|3/2/2024 8:57:21 AM::Message::tcp_proxy_socket: process_receive_buffer_complete: sending data to remotely connected socket: 47::0
2024-03-02 09:57:22.5143|INFO|ProxiFyre.ProxiFyreService|3/2/2024 8:57:21 AM::Message::tcp_proxy_socket: process_send_buffer_complete: send complete to remotely connected socket: 47::0
2024-03-02 09:57:22.5143|INFO|ProxiFyre.ProxiFyreService|3/2/2024 8:57:21 AM::Message::tcp_proxy_socket: process_receive_buffer_complete: data received from remotely connected socket: 19::0
2024-03-02 09:57:22.5143|INFO|ProxiFyre.ProxiFyreService|3/2/2024 8:57:21 AM::Message::tcp_proxy_socket: process_receive_buffer_complete: sending data to locally connected socket: 19::0
2024-03-02 09:57:22.5143|INFO|ProxiFyre.ProxiFyreService|3/2/2024 8:57:21 AM::Message::tcp_proxy_socket: process_send_buffer_complete: send complete to locally connected socket: 19::0
P.S. I recently observed that mstsc displays an error message you reported above when my SSH tunnel is not operational. Therefore, I suggest verifying that your SOCKS proxy is up and running, and ensuring that it's accessible.
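The inference drawn from the two log excerpts above (a flow that is deleted without any relay lines never got through the proxy), as an added example that is not part of the thread or of ProxiFyre. The parser and its field names are hypothetical and the line formats are assumed from the excerpts only; relay lines carry no flow identifier, so they are credited to the most recently opened flow.

```python
import re

# Flow open/close lines; DELETE lines omit the source IP, hence the optional group.
FLOW = re.compile(r"::Message::(NEW|DELETE) TCP: (?:[\d.]+ : )?(\d+) -> ([\d.]+) : (\d+)::")
CONNECT = re.compile(r"connect_to_remote_host: ([\d.]+) : (\d+)::")
RELAY = re.compile(r"tcp_proxy_socket: process_\w+_buffer_complete: ")

def triage(log_text):
    """Summarise each redirected TCP flow found in a ProxiFyre text log."""
    flows, by_port, current = [], {}, None
    for line in log_text.splitlines():
        m = FLOW.search(line)
        if m and m.group(1) == "NEW":
            current = {"src_port": int(m.group(2)), "target": f"{m.group(3)}:{m.group(4)}",
                       "proxy": None, "relay_events": 0, "closed": False}
            by_port[current["src_port"]] = current
            flows.append(current)
        elif m:  # DELETE: the flow is gone
            flow = by_port.pop(int(m.group(2)), None)
            if flow:
                flow["closed"] = True
            if flow is current:
                current = None
        elif current and (c := CONNECT.search(line)):
            current["proxy"] = f"{c.group(1)}:{c.group(2)}"
        elif current and RELAY.search(line):
            # Assumption: no flow id on relay lines, so credit the newest open flow.
            current["relay_events"] += 1
    for f in flows:
        f["verdict"] = ("relayed" if f["relay_events"] else
                        "closed_without_data" if f["closed"] else "pending")
    return flows

# Sample input: a subset of the lines from the two excerpts in this thread.
FAILED_SAMPLE = """\
2024-02-29 10:22:31.4288|INFO|ProxiFyre.ProxiFyreService|29/02/2024 09:22:30::Message::NEW TCP: 192.168.0.10 : 52704 -> 10.9.80.181 : 3389::0
2024-02-29 10:22:31.4288|INFO|ProxiFyre.ProxiFyreService|29/02/2024 09:22:30::Message::tcp_proxy_server: connect_to_remote_host: 192.168.0.5 : 6666::0
2024-02-29 10:22:33.4538|INFO|ProxiFyre.ProxiFyreService|29/02/2024 09:22:32::Message::DELETE TCP: 52704 -> 10.9.80.181 : 3389::0
"""
OK_SAMPLE = """\
2024-03-02 09:57:22.5143|INFO|ProxiFyre.ProxiFyreService|3/2/2024 8:57:21 AM::Message::NEW TCP: 192.168.3.134 : 60117 -> 192.168.1.5 : 3389::0
2024-03-02 09:57:22.5143|INFO|ProxiFyre.ProxiFyreService|3/2/2024 8:57:21 AM::Message::tcp_proxy_server: connect_to_remote_host: 127.0.0.1 : 8080::0
2024-03-02 09:57:22.5143|INFO|ProxiFyre.ProxiFyreService|3/2/2024 8:57:21 AM::Message::tcp_proxy_socket: process_receive_buffer_complete: data received from locally connected socket: 47::0
2024-03-02 09:57:22.5143|INFO|ProxiFyre.ProxiFyreService|3/2/2024 8:57:21 AM::Message::tcp_proxy_socket: process_receive_buffer_complete: data received from remotely connected socket: 19::0
"""

if __name__ == "__main__":
    for flow in triage(FAILED_SAMPLE) + triage(OK_SAMPLE):
        print(flow)
```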
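One way to run the check suggested in the P.S. from the machine where ProxiFyre runs, as an added example that is not part of the thread or of ProxiFyre: it performs a no-authentication SOCKS5 CONNECT (RFC 1928) and reports whether the proxy was unreachable, rejected the greeting, or answered but could not reach the target. The function names are made up for this example; the addresses in the usage comment are the ones from the logs above.

```python
import socket
import struct
import sys

# Reply codes defined in RFC 1928, section 6.
REPLIES = {0: "succeeded", 1: "general SOCKS server failure",
           2: "connection not allowed by ruleset", 3: "network unreachable",
           4: "host unreachable", 5: "connection refused", 6: "TTL expired",
           7: "command not supported", 8: "address type not supported"}

def _recv_exact(sock, n):
    """Read exactly n bytes or raise if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def socks5_connect(sock, target_ip, target_port):
    """Run a no-auth SOCKS5 CONNECT on a connected socket; return (stage, detail)."""
    try:
        sock.sendall(b"\x05\x01\x00")  # VER=5, NMETHODS=1, METHOD=0 (no auth)
        ver, method = _recv_exact(sock, 2)
        if ver != 5 or method != 0:
            return ("greeting_rejected", f"ver={ver} method={method}")
        # VER=5, CMD=1 (CONNECT), RSV=0, ATYP=1 (IPv4), DST.ADDR, DST.PORT
        sock.sendall(b"\x05\x01\x00\x01" + socket.inet_aton(target_ip)
                     + struct.pack("!H", target_port))
        ver, rep, _rsv, _atyp = _recv_exact(sock, 4)
    except OSError as exc:
        return ("handshake_failed", str(exc))
    if rep == 0:
        return ("connect_ok", REPLIES[0])
    return ("connect_failed", REPLIES.get(rep, f"reply code {rep}"))

def probe(proxy_host, proxy_port, target_ip, target_port, timeout=5.0):
    """Open a TCP connection to the proxy, then attempt the SOCKS5 CONNECT."""
    try:
        sock = socket.create_connection((proxy_host, proxy_port), timeout=timeout)
    except OSError as exc:
        return ("proxy_unreachable", str(exc))
    with sock:
        return socks5_connect(sock, target_ip, target_port)

if __name__ == "__main__":
    # Usage: python socks_probe.py 192.168.0.5 6666 10.9.80.181 3389
    host, port, tip, tport = sys.argv[1:5]
    print(probe(host, int(port), tip, int(tport)))
```

A `proxy_unreachable` result points at the listener (bind address, firewall, tunnel down), while `connect_failed` means the proxy answered but could not open the connection to the RDP host.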
SSH tunnel is running and confirmed working.
I have set up ProxiFyre as such:
When I run mstsc directly, it works, but through ProxiFyre I get the following error:
Here are the logs: