pyrdp icon indicating copy to clipboard operation
pyrdp copied to clipboard
verified publisher icon GoSecure

Session Hijacking - Keep session alive on client disconnect

Open alxbl opened this issue 5 years ago • 1 comments

Currently, if an intercepted client disconnects while their session is hijacked, PyRDP will ignore the request for disconnect until the RDP client times out, after which point both connections (client - pyrdp and pyrdp - server) are disconnected. Dropping the hijacked session in the process.

It would be nice and not too complicated to disconnect the client smoothly while keeping the hijacked session active.

This would also require minor UI improvements to mark the state of the client (something simple like: idle, active, disconnected) In fact, this might be a whole other feature that ties in with #148 and gives a smoother experience to session hijacking.

alxbl avatar Aug 06 '20 14:08 alxbl

To add to my initial description, here is what this would involve at the minimum:

  • [ ] (Maybe) Modify the AttackerMITM to expose a isHijacked property.
  • [ ] Modify the handler for the disconnect packet (from client) to keep the server-side channel alive when attacker is in progress
  • [ ] Ensure that the handler for server disconnection drops the server channel even if there is not matching client
  • [ ] Modify the release control behavior so that if the client is gone, a disconnection sequence is sent to the server

alxbl avatar Aug 17 '20 14:08 alxbl