diff options
author | B. Stack <bgstack15@gmail.com> | 2021-07-29 09:44:57 -0400 |
---|---|---|
committer | B. Stack <bgstack15@gmail.com> | 2021-07-29 09:44:57 -0400 |
commit | 518c1fb1d43e895a4f3070653174c6e3ec481889 (patch) | |
tree | 2551381509c404f27b04f77751f6ca7198215738 /README.md | |
download | read-rdp-cert-518c1fb1d43e895a4f3070653174c6e3ec481889.tar.gz read-rdp-cert-518c1fb1d43e895a4f3070653174c6e3ec481889.tar.bz2 read-rdp-cert-518c1fb1d43e895a4f3070653174c6e3ec481889.zip |
initial commit
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/README.md b/README.md new file mode 100644 index 0000000..57349e5 --- /dev/null +++ b/README.md @@ -0,0 +1,28 @@ +# Readme for `read_rdp_cert` + +## Overview +Remote Desktop Protocol (rdp) has the ability to use TLS certificates to encrypt the traffic. Unfortunately, the traditional trick with `openssl s_client -connect rpdhost.example.com:3389` does not work due to how RDP has some communication before engaging the tls components. + +This project can read a packet capture, really any pcap that contains the TLSv1 Certificate protocol, and save from the TLSv1 Certificates packets any pem-format certificates to disk. Of course this project is open-source, so you can adapt it to do whatever you want. + +## Reason for existence +I have not found on the Internet appears how to read RDP certificates. + +## Alternatives +I have not researched these alternatives thoroughly, but they showed possible alternative libraries to use: +* [https://github.com/thy09/isolation/blob/master/load_cert.py](https://github.com/thy09/isolation/blob/master/load_cert.py) +* pyshark lib [https://security.stackexchange.com/questions/123851/how-can-i-extract-the-certificate-from-this-pcap-file](https://security.stackexchange.com/questions/123851/how-can-i-extract-the-certificate-from-this-pcap-file) + +## References +The `iplayer_from_raw` function is almost directly from [cuckoolinux -> network.py](https://github.com/0x71/cuckoo-linux/blob/82263c5df40ebe70dc35976b917293eb54a363af/modules/processing/network.py) and is licensed GPL-3. + +## License +GPL-3 + +## Dependencies +Distro | Packages +--------- | -------------------------------- +Fedora 33 | python3-pyOpenSSL, python3-dpkt +Devuan | python3-openssl, python3-dpkt + +Tested against python 3.9.2 but probably could be lowered if you replace the f"" strings (started with python 3.6). |