wip: rough edges of rdp proxy

2025-08-24 15:16:18 -07:00 · 2019-04-15 08:44:41 -04:00 · 2019-04-15 08:44:41 -04:00 · 64f16ce418
commit 64f16ce418
parent d4ca144a23
1 changed files with 150 additions and 146 deletions
--- a/modules/rdp_proxy/rdp_proxy_linux_amd64.go
+++ b/modules/rdp_proxy/rdp_proxy_linux_amd64.go
@ -20,13 +20,12 @@ import (
 type RdpProxy struct {
    session.SessionModule
    done       chan bool
-	chainName  string
-	rule       string
    queue      *nfqueue.Queue
    queueNum   int
    queueCb    nfqueue.Callback
-	pluginPath string
-	plugin     *plugin.Plugin
+    port       int
+    start_port int
+    targets    net.IPv4[]
 }

 var mod *RdpProxy
@ -37,30 +36,37 @@ func NewRdpProxy(s *session.Session) *RdpProxy {
        done:          make(chan bool),
        queue:         nil,
        queueCb:       nil,
+        port:          0,
+        start_port:    40000,
+
        queueNum:      0,
        chainName:     "OUTPUT",
    }

-	mod.AddHandler(session.NewModuleHandler("rdp.proxy on", "",
-		"Start the RDP proxy.",
+    mod.AddHandler(session.NewModuleHandler("rdp.proxy on", "", "Start the RDP proxy.",
        func(args []string) error {
            return mod.Start()
        }))

-	mod.AddHandler(session.NewModuleHandler("rdp.proxy off", "",
-		"Stop the RDP proxy.",
+    mod.AddHandler(session.NewModuleHandler("rdp.proxy off", "", "Stop the RDP proxy.",
        func(args []string) error {
            return mod.Stop()
        }))

-	mod.AddParam(session.NewIntParameter("rdp.proxy.queue.num",
-		"0",
-		"NFQUEUE number to bind to."))
+    mod.AddParam(session.NewIntParameter("rdp.proxy.queue.num", "0", "NFQUEUE number to bind to."))
+    mod.AddParam(session.NewIntParameter("rdp.proxy.port", "3389", "RDP port to intercept."))

-    mod.AddParam(session.NewIntParameter("rdp.proxy.port",
-        "3389",
-        "RDP port to intercept."
-    ))
+    /* NOTES
+     * - The RDP port
+     * - The target source IPs (This can actually be handled by ARP.Spoof)
+     * - The target destination IPs
+     * - Starting Port
+     * - Maximum Instances (future)
+     * - RDP Command (if not pyrdp-mitm)
+     *
+     * FUTURE WORK:
+     * - Centralized Instance of pyrdp
+     */

    // mod.AddParam(session.NewStringParameter("rdp.proxy.targets",
        // session.ParamSubnet,
@ -70,14 +76,9 @@ func NewRdpProxy(s *session.Session) *RdpProxy {
    // TODO: Should support comma separated subnets
    // mod.AddParam(session.NewStringParameter("rdp.proxy.targets", "3389", session.IPv4RangeValidator "RDP port to intercept."))

-	mod.AddParam(session.NewIntParameter("rdp.proxy.start",
-		"40000",
-		"",
-		"Starting port for pyrdp sessionss"))
-
-    mod.AddParam(session.NewStringParameter("rdp.proxy.command",
-        "pyrdp-mitm",
-        "The PyRDP base command to launch the man-in-the-middle."))
+    mod.AddParam(session.NewIntParameter("rdp.proxy.start", "40000", "", "Starting port for pyrdp sessionss"))
+    mod.AddParam(session.NewStringParameter("rdp.proxy.command", "pyrdp-mitm", "The PyRDP base command to launch the man-in-the-middle."))
+    mod.AddParam(session.NewStringParameter("rdp.proxy.targets", "<All Subnets>", "A comma delimited list of destination IPs or CIDRs to target."))

    return mod
 }
@ -185,9 +186,12 @@ func (mod *RdpProxy) Configure() (err error) {
    return nil
 }

-// we need this because for some reason we can't directly
-// pass the symbol loaded from the plugin as a direct
-// CGO callback ... ¯\_(ツ)_/¯
+func OnRDPConnection(payload *nfqueue.Payload) int {
+    log.Info("New Connection: %v", payload)
+    // TODO: Find a more efficient way to do this.
+    payload.SetVerdict(nfqueue.NF_DROP) // Force a retransmit to trigger the new firewall rules.
+    return 0
+}
 func dummyCallback(payload *nfqueue.Payload) int {
    return mod.queueCb(payload)
 }