pyrdp icon indicating copy to clipboard operation
pyrdp copied to clipboard

Published 20 hours ago verified publisher icon GoSecure

Add Support for Client Fingerprinting

Open Res260 opened this issue 4 years ago • 2 comments

Log client's monitor extended data

This contains many information about the client's monitors, such as the physical size, orientation and scaling, which can be used to identify users.

Reference: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/dfaf8842-c20c-4626-bd3b-8b7d0463bc0f

Res260 avatar Apr 23 '20 17:04 Res260

Client Product ID This could be paired with the clientProductDigId from CLIENT_DATA as it could be useful for fingerprinting actors or various tools. There isn't much documentation on the generation of DigIds, though

alxbl avatar Jun 06 '20 15:06 alxbl

When redirecting audio from the server to the client (enabled by default on mstsc), a list of AUDIO_FORMAT is sent from the server to the client, and then from the client to the server. This could maybe be used as a fingerprinting method.

https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpea/53e45199-5629-4352-8617-3dd0347964ee

Res260 avatar Jun 14 '20 19:06 Res260