NAME

- A server binary allowing MITM proxying of RDP connections

SYNOPSIS

[-h] [--help] [--buildconfig] [--dump-config <config file>] [-v] [--version] [<config file>]

DESCRIPTION

can be used to proxy a RDP connection between a target server and connecting clients. Possible usage scenarios are:

Proxying

Connect outdated/insecure RDP servers from behind a (more secure) proxy

Analysis

Allow detailed protocol analysis of (many) unknown protocol features (channels)

Inspection

MITM proxy for session inspection and recording

OPTIONS

-h,--help

Display a help text explaining usage.

--buildconfig

Print the build configuration of the proxy and exit.

-v,--version

Print the version of the proxy and exit.

--dump-config

Dump a template configuration to <config-ini-file>

<config-ini-file>

Start the proxy with settings read from <config-ini-file>

WARNING

The proxy does not support authentication out of the box but acts simply as intermediary. Only RDP and TLS security modes are supported, NLA will fail for connections to the proxy. To implement authentication a proxy-module can be implemented that can authenticate against some backend and map connecting users and credentials to target server users and credentials.

EXAMPLES

/some/config/file

--dump-config /some/config/file

PREPARATIONS

1. generate certificates for proxy

winpr-makecert -rdp -path . proxy

2. generate proxy configuration

--dump-config proxy.ini

3. edit configurartion and:

* provide (preferrably absolute) paths for CertificateFile and PrivateKeyFile generated previously
* remove the CertificateContents and PrivateKeyContents
* Adjust the [Server] settings Host and Port to bind a specific port on a network interface
* Adjust the [Target] Host and Port settings to the RDP target server
* Adjust (or remove if unuse) the Plugins settings

3. start proxy server

proxy.ini

EXIT STATUS

0

Successful program execution.

1

Otherwise.

SEE ALSO

wlog(7)

AUTHOR

FreeRDP <team@freerdp.com>