wallix / redemption

A GPL RDP proxy

License: GNU General Public License v2.0

C++ 97.91% Shell 0.07% Python 0.84% Makefile 0.01% HTML 0.09% Perl 0.01% Awk 0.02% Dockerfile 0.01% JavaScript 1.00% Lua 0.05% C 0.01%
rdp redemption proxy linux

redemption's Introduction

About ReDemPtion

Redemption is a versatile RDP proxy, meaning one connects to remote desktops through Redemption. This centralizes remote connections by creating a single end point for several desktops. As for the versatile part, Redemption is able to connect to VNC servers, permitting connection from Windows® to Linux, for instance. It is only known to run on Linux (Ubuntu, Debian, Arch Linux) and no effort was made to port it to Win32, MacOS or FreeBSD.

Redemption is also able to record sessions in .wrm/.mwrm files and then convert them to mp4 video.

The project also contains 2 RDP clients:

  • A desktop client in projects/qtclient (supports RDP and VNC)
  • A web client in projects/jsclient that uses a websocket (option that must be enabled in the proxy configuration).
  1. Compilation
    1. Dependencies
    2. FFmpeg
      1. Ubuntu / Debian
      2. Other distros
    3. Compile from source
    4. Run tests
      1. Verbose tests
      2. Compilation error in test_snappy.cpp
      3. Runtime error in test_video_capture.cpp
    5. Modes and options
      1. Setting build variables
        1. Local installation
        2. Musl libc
    6. Add .cpp file
  2. Run Redemption
  3. Setting Redemption
    1. Migrate the configuration to the next version
  4. Session recording
    1. Convert .mwrm/.wrm capture to video
  5. Compile proxy_recorder
  6. Packaging
  7. Test files

Compilation

For automatic compilation, a Dockerfile is available. It is based on Ubuntu, but other Linux systems such as Debian or Alpine are supported. For Alpine, -s MUSL_LIBC=1 must be added on the line containing bjam and the libgettext package must be added to the installed packages.

The following is for manual installation.

Dependencies

To compile Redemption you need the following packages:

  • libboost-tools-dev (contains bjam and b2: software build tool) (https://www.bfgroup.xyz/b2/)
  • libboost-test-dev (unit-test dependency)
  • zlib1g-dev
  • libssl-dev
  • libkrb5-dev
  • libsnappy-dev
  • libpng-dev
  • libbz2-dev
  • libhyperscan-dev
  • libffmpeg-dev (see below)
  • gettext
  • g++ >= 8.0 or clang++ >= 7.0 or other C++17 compiler
apt install libboost-tools-dev libboost-test-dev libssl-dev libkrb5-dev libsnappy-dev libpng-dev libbz2-dev libhyperscan-dev

FFmpeg

If your goal is to use the proxy without doing any video conversion (the recording is still available), you can disable FFmpeg by adding NO_FFMPEG=1 to your environment variables before compiling.

For more information on available variables, see Setting build variables.

Ubuntu / Debian

Package:

  • libavcodec-dev
  • libavformat-dev
  • libavutil-dev
  • libswscale-dev
  • libx264-dev
apt install libavcodec-dev libavformat-dev libavutil-dev libswscale-dev libx264-dev

Other distros

And set the build variables (optionally)

  • FFMPEG_INC_PATH=/my/ffmpeg/include/path
  • FFMPEG_LIB_PATH=/my/ffmpeg/library/path (/!\ without a trailing /)
  • FFMPEG_LINK_MODE=shared (static or shared, shared by default)

Compile from source

(Instruction for Debian 9).

Well, that's pretty easy once you have installed the required dependencies.

Go to the redemption folder then just run (as user):

bjam exe libs

(Always put a target name, otherwise the tests will also be compiled and executed).

Then install (as administrator):

bjam install

bjam install depends on exe libs; if you have sufficient rights, it is not necessary to run the first command.

Binaries are located by default in /usr/local/bin. For a user install, see Local Installation.

You can choose your compiler and its version by adding toolset=${compiler} on the command line: bjam toolset=gcc exe libs / bjam toolset=clang-16 exe libs (see https://www.bfgroup.xyz/b2/manual/main/index.html#bbv2.overview.configuration and tools/bjam/user-config.jam).

You will find bjam auto-completion files for bash and zsh in the tools/bjam folder.

Note: If you intend to make changes to the proxy, it is not necessary to reinstall it each time; the executable created in the bin folder can be run directly. It is also possible to install only resources via bjam install-resources without installing the executable and library.

Run tests

Tests are compiled and run with bjam tests. You can also compile everything (exe, lib, tests + runtime) with just bjam (without specifying a target).

Each test file has its corresponding target and can be run independently:

bjam tests/utils/test_rect  # for tests/utils/test_rect.cpp
bjam test_rect              # same

In addition, each folder has an associated target name:

bjam tests/utils        # all tests in tests/utils/
bjam tests/utils.norec  # all tests in tests/utils/, but not recursively (exclude sub-directories)

For more user-friendly test output, you can look at what's in tools/bjam.

Verbose tests

By default, tests do not display log messages. These can be enabled by playing with the REDEMPTION_LOG_PRINT environment variable.

export REDEMPTION_LOG_PRINT=1
bjam tests
  • REDEMPTION_LOG_PRINT=1 enable all logs
  • REDEMPTION_LOG_PRINT=e for error and debug only
  • REDEMPTION_LOG_PRINT=d for debug only
  • REDEMPTION_LOG_PRINT=w for other than info

In debug mode and if the BOOST_STACKTRACE option is set, the Error constructor displays a call stack. This can be controlled with the environment variable REDEMPTION_FILTER_ERROR which contains a comma separated list of values to ignore.

  • REDEMPTION_FILTER_ERROR= no filter
  • REDEMPTION_FILTER_ERROR='*' filter all
  • REDEMPTION_FILTER_ERROR=ERR_TRANSPORT_NO_MORE_DATA,ERR_SEC filter specific errors (see src/core/error.hpp).

Compilation error in test_snappy.cpp

Under some versions of Ubuntu, Snappy dev files are broken and the SNAPPY_MAJOR, SNAPPY_MINOR and SNAPPY_PATCHLEVEL macros are not defined. The simplest way to fix that is to edit /usr/include/snappy-stubs-public.h and define these above SNAPPY_VERSION.

Like below (change values depending on your snappy package).

// apt show libsnappy-dev | grep Version
// Version: 1.1.7-1
#define SNAPPY_MAJOR 1
#define SNAPPY_MINOR 1
#define SNAPPY_PATCHLEVEL 7

Runtime error in test_video_capture.cpp

These errors should only occur after an FFmpeg update or regression.

The video generation tests check the size of the output files. This approach is not perfect and the result depends on the version of ffmpeg and the quality of the encoders. There is no other way than to change the range of possible values.

Modes and options

Bjam is configured to offer 3 compilation modes:

  • release: default
  • debug: Compile in debug mode
  • san: Compile in debug mode + sanitizers (asan, lsan, ubsan)

The mode is selected by adding variant=${mode} or simply ${mode} to the bjam command line.

There are also several variables for setting compiler options:

  • -s cxx-color: default auto never always
  • -s cxx-lto: off on fat linker-plugin
  • -s cxx-relro: default off on full
  • -s cxx-stack-protector: off on strong all
  • ...

Complete list with bjam cxx_help.

Finally, bjam provides cxxflags and linkflags to add options to the compiler and linker. This is useful for example to remove warnings with the latest openssl versions.

bjam variant=debug -s cxx-lto=on cxxflags='-Wno-deprecated-declarations' targets...

By default, bjam compiles everything into a folder named bin; you can change this with --build-dir=new-path.

Setting build variables

List with bjam env_help.

These variables can be used as environment variables or passed on the bjam command line with -s varname=value.

Example with ffmpeg:

bjam -s FFMPEG_INC_PATH=$HOME/ffmpeg/includes ....
# or
FFMPEG_INC_PATH=$HOME/ffmpeg/includes bjam ....
# or
export FFMPEG_INC_PATH=$HOME/ffmpeg/includes
bjam ....

Local installation

If you have already compiled anything before this step, it is best to delete your bin folder (everything will be recompiled) or remove the app_path_exe.o file inside it.

The paths to the installed files can be listed with bjam env_help. The minimum requirement is the following (change the install_path variable to your liking).

install_path="$HOME/redemption"
export PREFIX="$install_path"/usr/local
export ETC_PREFIX="$install_path"/etc
export VAR_PREFIX="$install_path"/var
export SESSION_PREFIX="$install_path"/var/lib
export PID_PATH="$install_path"/var/run
bjam ....

Musl libc

bjam -s MUSL_LIBC=1 ....

Add .cpp file

The compiled files are referenced in targets.jam. This is a file that is generated via ./tools/bjam/gen_targets.py and is updated with bjam targets.jam or ./tools/bjam/gen_targets.py > targets.jam.

When you add a .cpp file or there is a link error, remember to run bjam targets.jam.

Run Redemption

For a local test, the usual options are -n and -f. The first option prevents Redemption from forking in the background and the second makes sure no other instance is running.

rdpproxy -nf

And now what? If everything went OK, you should be facing a waiting daemon! You need two more things: first a client to connect to Redemption, second a server with RDP running (a Windows server, Windows XP Pro, etc.).

Redemption uses a hook file to get its target, username and password. This file, tools/passthrough/passthrough.py, communicates with rdpproxy through a unix socket. It is referred to as "authentifier" in proxy logs.

./tools/passthrough/passthrough.py

At that point you just have two servers waiting for connections, which is not much fun. You still have to run an RDP client to connect to the proxy. Choose whichever you like: xfreerdp, rdesktop, remmina, tsclient on Linux, or of course mstsc.exe if you are on Windows. All are supposed to work. If some problem occurs, just report it to us so that we can correct it.

Examples with freerdp when the proxy runs on the same host as the client:

xfreerdp /v:127.0.0.1

A dialog box should open in which you can type a device ip, username and a password.

These 3 fields can be pre-filled by configuring the connection identifiers sent by your RDP client. With the default passthrough.py, the target address must be put with the login in the form username@target_ip:

xfreerdp /v:127.0.0.1 /u:username@target_ip /p:password

With the default passthrough.py at least internal services should work. Try login internal@bouncer2 or internal@card.

xfreerdp /v:127.0.0.1 /u:internal@bouncer2

passthrough.py is made to be edited and only provides the bare minimum. Here is a diagram that shows the basic interaction between these components:

flowchart LR
    client[RDP Client] --> rdpproxy[rdpproxy -nf]
    rdpproxy --> |user info|passthrough.py
    passthrough.py --> |"remote target info:<br/>username, password<br/> ..."|rdpproxy
    rdpproxy --> server[RDP Server]

Setting Redemption

Redemption's configuration can be found in a rdpproxy.ini file that is not installed (you will have to create it yourself) or via the --config-file=<path> option.

The default location of rdpproxy.ini can be found with the command rdpproxy -c |& grep rdpproxy.ini or rdpinichecker.

rdpproxy also has a --print-default-ini option which displays all the default options and values in comments. You can use rdpinichecker -p to get a condensed display.

Some of these options can be modified by passthrough.py by filling in the dictionary sent to send_data(). See tools/passthrough/README.md.

Migrate the configuration to the next version

Between 2 versions, some options can be moved or deleted. tools/conf_migration_tool/rdp_conf_migrate.py automatically migrates a file from an old version.

Session recording

To enable session recording, the line kv['is_rec'] = '1' in passthrough.py must be uncommented.

Convert .mwrm/.wrm capture to video

.mwrm and .wrm are the native capture formats when recording is enabled. The following line will transform a recording into an mp4 video:

redrec -u -i file.mwrm -o output_prefix

Note: use redrec -h to see the list of options.

Compile proxy_recorder

Proxy recorder is a tool used to record the dialog between a client and an RDP server without any modification of the data by redemption. This makes it possible to record reference traffic and replay it later. It is useful for having new parts of the RDP protocol available in a reproducible way and for replaying traffic when implementing the new orders. This tool is not (yet) packaged with redemption and is delivered as stand-alone.

It can be compiled using static C++ libraries (useful for running it on systems where the reference compiler is older) using the command line below. Links with openssl and kerberos are still dynamic and use shared libraries.

bjam -a -d2 toolset=gcc-7 proxy_recorder linkflags=-static-libstdc++

Example call line for proxy_recorder:

proxy_recorder --target-host 10.10.47.252 -p 3389 -P 8000 --nla-username myusername --nla-password mypassword -t dump-%d.out

Packaging

Create Debian package with

./packaging/package.sh

Test files

See test_framework directory.

redemption's People

Contributors

alexandru-bagu, dlafages, eng5noog, fabienph, hardening, jinthavong, jonathanpoelen, jukeks, krissg, mengtan, pianna, pykoder, vanackere, xiaopengzhou


redemption's Issues

recording, only one second and same frame

I have activated mp4 recording, but in my mp4 file I always have 1 second of video and the same frame.
I have tried with branch and future.
Debian 10 x64

edit:
Similar problem with native mwrm recording:
after conversion I have a single frame in my video, everything is frozen.

In my test I have

** No errors detected
gcc.compile.c++ bin/gcc-8.3.0/release/tests/capture/test_video_capture.o
gcc.link bin/gcc-8.3.0/release/tests/capture/test_video_capture
testing.unit-test bin/gcc-8.3.0/release/tests/capture/test_video_capture.passed
Running 8 test cases...
tests/capture/test_video_capture.cpp(153): error: in "TestSequencedVideoCaptureMP4": check ::tu::fsize(wd.add_file("video-000001.mp4")) == ::tu::int_(22338 +- 2000_v) has failed [filesize(/tmp/:usr:local:src:redemption:redemption@TestSequencedVideoCaptureMP4@tests-capture-test_video_capture.cpp@gcc-8.3.0@release__/video-000001.mp4)= 25893 != 22338+-2000 [20338, 24338]]
Failure occurred in a following context:
wd: /tmp/:usr:local:src:redemption:redemption@TestSequencedVideoCaptureMP4@tests-capture-test_video_capture.cpp@gcc-8.3.0@release__/
tests/capture/test_video_capture.cpp(217): error: in "SequencedVideoCaptureX264": check ::tu::fsize(wd.add_file("video-000006.mp4")) == ::tu::int_(13949 +- 3100_v) has failed [filesize(/tmp/:usr:local:src:redemption:redemption@SequencedVideoCaptureX264@tests-capture-test_video_capture.cpp@gcc-8.3.0@release__/video-000006.mp4)= 17909 != 13949+-3100 [10849, 17049]]
Failure occurred in a following context:
wd: /tmp/:usr:local:src:redemption:redemption@SequencedVideoCaptureX264@tests-capture-test_video_capture.cpp@gcc-8.3.0@release__/
tests/capture/test_video_capture.cpp(246): error: in "TestFullVideoCaptureX264": check ::tu::fsize(wd.add_file("video.mp4")) == ::tu::int_(106930 +- 6000_v) has failed [filesize(/tmp/:usr:local:src:redemption:redemption@TestFullVideoCaptureX264@tests-capture-test_video_capture.cpp@gcc-8.3.0@release__/video.mp4) = 114685 != 106930+-6000 [100930, 112930]]
Failure occurred in a following context:
wd: /tmp/:usr:local:src:redemption:redemption@TestFullVideoCaptureX264@tests-capture-test_video_capture.cpp@gcc-8.3.0@release__/

*** 3 failures are detected in the test module "./tests/capture/test_video_capture.cpp"

LD_LIBRARY_PATH="/usr/bin:/usr/lib:/usr/lib32:/usr/lib64:/usr/local/src/redemption/redemption/bin/gcc-8.3.0/release:$LD_LIBRARY_PATH"

export LD_LIBRARY_PATH

 "bin/gcc-8.3.0/release/tests/capture/test_video_capture"  && touch  "bin/gcc-8.3.0/release/tests/capture/test_video_capture.passed"

...failed testing.unit-test bin/gcc-8.3.0/release/tests/capture/test_video_capture.passed...
gcc.compile.c++ bin/gcc-8.3.0/release/tests/capture/test_wrm_capture.o
gcc.link bin/gcc-8.3.0/release/tests/capture/test_wrm_capture
testing.unit-test bin/gcc-8.3.0/release/tests/capture/test_wrm_capture.passed
Running 7 test cases...

These are my logs:

rdpproxy: [rdpproxy] psid="15947531696303" type="INCOMING_CONNECTION" src_ip="10.0.8.2" src_port="24547"
rdpproxy: INFO (6303/6303) -- Redemption 8.1.25
rdpproxy: INFO (6303/6303) -- src=10.0.8.2 sport=24547 dst=172.30.0.214 dport=3389
rdpproxy: INFO (6303/6303) -- New session on 5 (pid=6303) from 10.0.8.2 to 172.30.0.214
rdpproxy: INFO (6303/6303) -- CR Recv: PROTOCOL TLS
rdpproxy: INFO (6303/6303) -- CR Recv: PROTOCOL HYBRID
rdpproxy: INFO (6303/6303) -- CR Recv: PROTOCOL HYBRID EX
rdpproxy: INFO (6303/6303) -- -----------------> Front::incoming: TLS Support Enabled nla=false
rdpproxy: INFO (6303/6303) -- Enable TLS
rdpproxy: INFO (6303/6303) -- CC Send: PROTOCOL TLS
rdpproxy: INFO (6303/6303) -- SocketTransport::enable_server_tls() start (RDP Client)
rdpproxy: INFO (6303/6303) -- Enable server TLS
rdpproxy: INFO (6303/6303) -- TLSContext::enable_server_tls() set SSL options
rdpproxy: INFO (6303/6303) -- TLSContext::enable_server_tls() set SSL cipher list
rdpproxy: INFO (6303/6303) -- TLSContext::X509_get_pubkey()
rdpproxy: INFO (6303/6303) -- TLSContext::i2d_PublicKey()
rdpproxy: INFO (6303/6303) -- TLSContext::i2d_PublicKey()
rdpproxy: INFO (6303/6303) -- Incoming connection to Bastion using TLS version TLSv1.2
rdpproxy: INFO (6303/6303) -- TLSContext::Negociated cipher used ECDHE-RSA-AES256-GCM-SHA384
rdpproxy: INFO (6303/6303) -- SocketTransport::enable_server_tls() done (RDP Client)
rdpproxy: INFO (6303/6303) -- partial_recv_tls error:00000005:lib(0):func(0):DH lib
rdpproxy: ERR (6303/6303) -- SocketTransport::do_partial_read: Failed to read from socket RDP Client!
rdpproxy: INFO (6303/6303) -- got SIGPIPE(13) : ignoring
rdpproxy: INFO (6303/6303) -- Failure in SSL library, error=5, Broken pipe [32]
rdpproxy: INFO (6303/6303) -- partial_send_tls error:00000005:lib(0):func(0):DH lib
rdpproxy: WARNING (6303/6303) -- SocketTransport::Send failed on RDP Client (-1) errno=32 [Broken pipe]
rdpproxy: INFO (6303/6303) -- Session Init exception Exception ERR_TRANSPORT_WRITE_FAILED no: 1502
rdpproxy: INFO (6303/6303) -- Client Session Disconnected
rdpproxy: [rdpproxy] psid="15947531696303" type="DISCONNECT"
rdpproxy: [rdpproxy] psid="15947531706304" type="INCOMING_CONNECTION" src_ip="10.0.8.2" src_port="24548"
rdpproxy: INFO (6304/6304) -- Redemption 8.1.25
rdpproxy: INFO (6304/6304) -- src=10.0.8.2 sport=24548 dst=172.30.0.214 dport=3389
rdpproxy: INFO (6304/6304) -- New session on 5 (pid=6304) from 10.0.8.2 to 172.30.0.214
rdpproxy: INFO (6304/6304) -- CR Recv: PROTOCOL TLS
rdpproxy: INFO (6304/6304) -- CR Recv: PROTOCOL HYBRID
rdpproxy: INFO (6304/6304) -- CR Recv: PROTOCOL HYBRID EX
rdpproxy: INFO (6304/6304) -- -----------------> Front::incoming: TLS Support Enabled nla=false
rdpproxy: INFO (6304/6304) -- Enable TLS
rdpproxy: INFO (6304/6304) -- CC Send: PROTOCOL TLS
rdpproxy: INFO (6304/6304) -- SocketTransport::enable_server_tls() start (RDP Client)
rdpproxy: INFO (6304/6304) -- Enable server TLS
rdpproxy: INFO (6304/6304) -- TLSContext::enable_server_tls() set SSL options
rdpproxy: INFO (6304/6304) -- TLSContext::enable_server_tls() set SSL cipher list
rdpproxy: INFO (6304/6304) -- TLSContext::X509_get_pubkey()
rdpproxy: INFO (6304/6304) -- TLSContext::i2d_PublicKey()
rdpproxy: INFO (6304/6304) -- TLSContext::i2d_PublicKey()
rdpproxy: INFO (6304/6304) -- Incoming connection to Bastion using TLS version TLSv1.2
rdpproxy: INFO (6304/6304) -- TLSContext::Negociated cipher used ECDHE-RSA-AES256-GCM-SHA384
rdpproxy: INFO (6304/6304) -- SocketTransport::enable_server_tls() done (RDP Client)
rdpproxy: INFO (6304/6304) -- GCC::UserData tag=c001 length=234
rdpproxy: INFO (6304/6304) -- Client Color Depth is 32
rdpproxy: INFO (6304/6304) -- GCC::UserData tag=c004 length=12
rdpproxy: INFO (6304/6304) -- GCC::UserData tag=c002 length=12
rdpproxy: INFO (6304/6304) -- GCC::UserData tag=c003 length=56
rdpproxy: INFO (6304/6304) -- GCC::UserData tag=c006 length=8
rdpproxy: INFO (6304/6304) -- GCC::UserData tag=c00a length=8
rdpproxy: INFO (6304/6304) -- Front::incoming: Secure Settings Exchange
rdpproxy: INFO (6304/6304) -- RDP-5 Style logon
rdpproxy: INFO (6304/6304) -- Front::incoming: Keyboard Layout = 0x410
rdpproxy: INFO (6304/6304) -- Front::incoming: ACTIVATED (new license request)
rdpproxy: INFO (6304/6304) -- RDP INPUT UP AND RUNNING ==================
rdpproxy: INFO (6304/6304) -- connecting to /tmp/redemption-sesman-sock
rdpproxy: INFO (6304/6304) -- connection to /tmp/redemption-sesman-sock succeeded : socket 4
rdpproxy: INFO (6304/6304) -- flush_acl_auth_info: [email protected]
rdpproxy: WARNING (6304/6304) -- Unexpected receiving 'session_probe' - '0'
rdpproxy: WARNING (6304/6304) -- Unexpected receiving 'mode_console' - 'allow'
rdpproxy: WARNING (6304/6304) -- Unexpected receiving 'session_log_path' - 'session_log-2020-07-14-08:59PM.log'
rdpproxy: ERR (6304/6304) -- can't set directory ./2020-07-14/20:59-26a8fc84-449e-49c6-88a8-3bca2c8cd2f5 group to 33 : Operation not permitted [1]
rdpproxy: INFO (6304/6304) -- ++++++++++++++++++++ create_mod(MODULE_RDP) +++++++++++++++++++++++
rdpproxy: INFO (6304/6304) -- WindowsExecuteShellParams: Flags: 0 exe_or_file: working_dir: arguments:
rdpproxy: [rdpproxy] psid="15947531706304" user="xxx.xxx" type="TARGET_CONNECTION" target="xxx.xxx" host="172.30.0.164" port="3389"
rdpproxy: INFO (6304/6304) -- connecting to 172.30.0.164:3389
rdpproxy: INFO (6304/6304) -- connection to 172.30.0.164:3389 (172.30.0.164) succeeded : socket 7
rdpproxy: INFO (6304/6304) -- Remote RDP Server domain="" login="xxx.xxx" host="NET03"
rdpproxy: INFO (6304/6304) -- RdpNego: TLS=Enabled NLA=Enabled adminMode=Disabled
rdpproxy: INFO (6304/6304) -- Server key layout is 0x410
rdpproxy: INFO (6304/6304) -- **** Start Negociation
rdpproxy: WARNING (6304/6304) -- Unexpected receiving 'session_probe' - '0'
rdpproxy: WARNING (6304/6304) -- Unexpected receiving 'mode_console' - 'allow'
rdpproxy: WARNING (6304/6304) -- Unexpected receiving 'session_log_path' - 'session_log-2020-07-14-08:59PM.log'
rdpproxy: INFO (6304/6304) -- RdpNego::NEGO_STATE_NLA
rdpproxy: INFO (6304/6304) -- NEG_RSP_TYPE=2 NEG_RSP_FLAGS=31 NEG_RSP_LENGTH=8 NEG_RSP_SELECTED_PROTOCOL=2
rdpproxy: INFO (6304/6304) -- CC Recv: PROTOCOL HYBRID
rdpproxy: INFO (6304/6304) -- activating TLS (HYBRID)
rdpproxy: INFO (6304/6304) -- Client TLS start
rdpproxy: INFO (6304/6304) -- TLS Client cipher list: ALL
rdpproxy: INFO (6304/6304) -- SSL_connect()
rdpproxy: INFO (6304/6304) -- RdpNego::recv_next_data::SslHybrid
rdpproxy: INFO (6304/6304) -- RdpNego::recv_next_data::SslHybrid
rdpproxy: INFO (6304/6304) -- SSL_get_peer_certificate()
rdpproxy: INFO (6304/6304) -- certificate directory is: '/etc/rdpproxy/cert/'
rdpproxy: INFO (6304/6304) -- certificate file is: '/etc/rdpproxy/cert//rdp,172.30.0.164,3389,X509.pem'
rdpproxy: INFO (6304/6304) -- nb1=1046 nb2=1046
rdpproxy: INFO (6304/6304) -- TLS::X509 existing::issuer=CN = Srv-Master
rdpproxy: INFO (6304/6304) -- TLS::X509 existing::subject=CN = Srv-Master
rdpproxy: INFO (6304/6304) -- TLS::X509 existing::fingerprint=3b:ea:95:9c:c4:21:77:c9:b2:08:ef:f8:38:92:58:7e:b9:f2:59:8f
rdpproxy: INFO (6304/6304) -- TLS::X509::issuer=CN = Srv-Master
rdpproxy: INFO (6304/6304) -- TLS::X509::subject=CN = Srv-Master
rdpproxy: INFO (6304/6304) -- TLS::X509::fingerprint=3b:ea:95:9c:c4:21:77:c9:b2:08:ef:f8:38:92:58:7e:b9:f2:59:8f
rdpproxy: INFO (6304/6304) -- TLSContext::X509_get_pubkey()
rdpproxy: INFO (6304/6304) -- TLSContext::i2d_PublicKey()
rdpproxy: INFO (6304/6304) -- Connected to target using TLS version TLSv1.2
rdpproxy: INFO (6304/6304) -- SocketTransport::enable_client_tls() done
rdpproxy: INFO (6304/6304) -- activating CREDSSP
rdpproxy: [RDP Session] session_id="0000" client_ip="10.0.8.2" target_ip="172.30.0.164" user="xxx.xxx" device="172.30.0.164" service="" account="xxx.xxx" type="SERVER_CERTIFICATE_MATCH_SUCCESS" description="X.509 server certificate match"
rdpproxy: [RDP Session] session_id="0000" client_ip="10.0.8.2" target_ip="172.30.0.164" user="xxx.xxx" device="172.30.0.164" service="" account="xxx.xxx" type="CERTIFICATE_CHECK_SUCCESS" description="Connexion to server allowed"
rdpproxy: INFO (6304/6304) -- RdpNego::recv_next_data::Credssp
rdpproxy: INFO (6304/6304) -- Target Name (56 20)
rdpproxy: INFO (6304/6304) -- /* 0000 */ 0x53, 0x00, 0x52, 0x00, 0x56, 0x00, 0x2d, 0x00, 0x4d, 0x00, 0x41, 0x00, 0x53, 0x00, 0x54, 0x00, // S.R.V.-.M.A.S.T.
rdpproxy: INFO (6304/6304) -- /* 0010 */ 0x45, 0x00, 0x52, 0x00, // E.R.
rdpproxy: INFO (6304/6304) -- Target Info (76 112)
rdpproxy: INFO (6304/6304) -- /* 0000 */ 0x02, 0x00, 0x14, 0x00, 0x53, 0x00, 0x52, 0x00, 0x56, 0x00, 0x2d, 0x00, 0x4d, 0x00, 0x41, 0x00, // ....S.R.V.-.M.A.
rdpproxy: INFO (6304/6304) -- /* 0010 */ 0x53, 0x00, 0x54, 0x00, 0x45, 0x00, 0x52, 0x00, 0x01, 0x00, 0x14, 0x00, 0x53, 0x00, 0x52, 0x00, // S.T.E.R.....S.R.
rdpproxy: INFO (6304/6304) -- /* 0020 */ 0x56, 0x00, 0x2d, 0x00, 0x4d, 0x00, 0x41, 0x00, 0x53, 0x00, 0x54, 0x00, 0x45, 0x00, 0x52, 0x00, // V.-.M.A.S.T.E.R.
rdpproxy: INFO (6304/6304) -- /* 0030 */ 0x04, 0x00, 0x14, 0x00, 0x53, 0x00, 0x72, 0x00, 0x76, 0x00, 0x2d, 0x00, 0x4d, 0x00, 0x61, 0x00, // ....S.r.v.-.M.a.
rdpproxy: INFO (6304/6304) -- /* 0040 */ 0x73, 0x00, 0x74, 0x00, 0x65, 0x00, 0x72, 0x00, 0x03, 0x00, 0x14, 0x00, 0x53, 0x00, 0x72, 0x00, // s.t.e.r.....S.r.
rdpproxy: INFO (6304/6304) -- /* 0050 */ 0x76, 0x00, 0x2d, 0x00, 0x4d, 0x00, 0x61, 0x00, 0x73, 0x00, 0x74, 0x00, 0x65, 0x00, 0x72, 0x00, // v.-.M.a.s.t.e.r.
rdpproxy: INFO (6304/6304) -- /* 0060 */ 0x07, 0x00, 0x08, 0x00, 0x88, 0x60, 0xcb, 0xe8, 0x10, 0x5a, 0xd6, 0x01, 0x00, 0x00, 0x00, 0x00, // .....`...Z......
rdpproxy: INFO (6304/6304) -- using /dev/urandom as random source
rdpproxy: INFO (6304/6304) -- using /dev/urandom as random source
rdpproxy: INFO (6304/6304) -- using /dev/urandom as random source
rdpproxy: INFO (6304/6304) -- RdpNego::recv_next_data::Credssp
rdpproxy: INFO (6304/6304) -- TSCredentialsPassword: Domain User Password
rdpproxy: INFO (6304/6304) -- Sending CS_CORE to server: color_depth 24
rdpproxy: INFO (6304/6304) -- CS_Cluster: Server Redirection Supported
rdpproxy: INFO (6304/6304) -- ChannelDef[0]::(name = rdpdr, flags = 0x80800000, chanid = 1004)
rdpproxy: INFO (6304/6304) -- ChannelDef[1]::(name = rdpsnd, flags = 0xC0000000, chanid = 1005)
rdpproxy: INFO (6304/6304) -- ChannelDef[2]::(name = cliprdr, flags = 0xC0A00000, chanid = 1006)
rdpproxy: INFO (6304/6304) -- ChannelDef[3]::(name = drdynvc, flags = 0xC0800000, chanid = 1007)
rdpproxy: INFO (6304/6304) -- GCC::UserData tag=0c01 length=16
rdpproxy: INFO (6304/6304) -- GCC::UserData tag=0c03 length=16
rdpproxy: INFO (6304/6304) -- GCC::UserData tag=0c02 length=12
rdpproxy: INFO (6304/6304) -- =================== SC_SECURITY =============
rdpproxy: INFO (6304/6304) -- No encryption
rdpproxy: INFO (6304/6304) -- send extended login info (RDP5-style) 107fb :xxx.xxx
rdpproxy: INFO (6304/6304) -- RdpNegociation: Get license: username="xxx.xxx"
rdpproxy: INFO (6304/6304) -- RdpNegociation: get_license LIC::RecvFactory::bMsgType=255
rdpproxy: INFO (6304/6304) -- /* 0000 */ 0xff, 0x03, 0x10, 0x00, 0x07, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, // ................
rdpproxy: INFO (6304/6304) -- mod_rdp::recv_demand_active
rdpproxy: INFO (6304/6304) -- use rdp5
rdpproxy: INFO (6304/6304) -- Rdp::receiving the server-to-client Monitor Layout PDU MonitorLayoutPDU monitorCount=1 ((left=0, top=0, right=1919, bottom=1079, primary=yes(0x1)))
rdpproxy: INFO (6304/6304) -- Resizing to 1920x1080x16
rdpproxy: INFO (6304/6304) -- Server_resize: Resizing client to : 1920 x 1080 x 24
rdpproxy: INFO (6304/6304) -- ---<> Front::can_be_start_capture <>---
rdpproxy: INFO (6304/6304) -- Enable capture: wrm=no png=no kbd=yes video=yes video_full=no pattern=no ocr=no meta=no
rdpproxy: INFO (6304/6304) -- Video recording: codec: mp4, frame_rate: 10, options: profile=baseline preset=medium flags=+qscale b=30000
rdpproxy: [RDP Session] session_id="0000" client_ip="10.0.8.2" target_ip="172.30.0.164" user="xxx.xxx" device="172.30.0.164" service="" account="xxx.xxx" type="SESSION_ESTABLISHED_SUCCESSFULLY"
rdpproxy: INFO (6304/6304) -- all_allowed=Yes
rdpproxy: INFO (6304/6304) -- all_denied=No
rdpproxy: [RDP Session] session_id="0000" client_ip="10.0.8.2" target_ip="172.30.0.164" user="xxx.xxx" device="172.30.0.164" service="" account="xxx.xxx" type="DYNAMIC_CHANNEL_CREATION_ALLOWED" channel_name="Microsoft::Windows::RDS::Telemetry"
rdpproxy: [RDP Session] session_id="0000" client_ip="10.0.8.2" target_ip="172.30.0.164" user="xxx.xxx" device="172.30.0.164" service="" account="xxx.xxx" type="DYNAMIC_CHANNEL_CREATION_ALLOWED" channel_name="ECHO"
rdpproxy: [RDP Session] session_id="0000" client_ip="10.0.8.2" target_ip="172.30.0.164" user="xxx.xxx" device="172.30.0.164" service="" account="xxx.xxx" type="DYNAMIC_CHANNEL_CREATION_ALLOWED" channel_name="Microsoft::Windows::RDS::Video::Control::v08.01"
rdpproxy: [RDP Session] session_id="0000" client_ip="10.0.8.2" target_ip="172.30.0.164" user="xxx.xxx" device="172.30.0.164" service="" account="xxx.xxx" type="DYNAMIC_CHANNEL_CREATION_ALLOWED" channel_name="Microsoft::Windows::RDS::Video::Data::v08.01"
rdpproxy: [RDP Session] session_id="0000" client_ip="10.0.8.2" target_ip="172.30.0.164" user="xxx.xxx" device="172.30.0.164" service="" account="xxx.xxx" type="DYNAMIC_CHANNEL_CREATION_ALLOWED" channel_name="Microsoft::Windows::RDS::Geometry::v08.01"
rdpproxy: INFO (6304/6304) -- process save session info : Logon long
rdpproxy: INFO (6304/6304) -- Logon Info Version 2 (data): Domain="SRV-MASTER" UserName="xxx.xxx" SessionId=3
rdpproxy: INFO (6304/6304) -- process save session info : Logon extended info
rdpproxy: INFO (6304/6304) -- process save session info : Auto-reconnect cookie
rdpproxy: INFO (6304/6304) -- ServerAutoReconnectPacket: Version=1 LogonId=3
rdpproxy: INFO (6304/6304) -- 0000 ab 21 21 a1 28 31 c4 66 e5 8d a4 c3 a5 00 56 e0 .!!.(1.f......V.
rdpproxy: [RDP Session] session_id="0000" client_ip="10.0.8.2" target_ip="172.30.0.164" user="xxx.xxx" device="172.30.0.164" service="" account="xxx.xxx" type="DYNAMIC_CHANNEL_CREATION_ALLOWED" channel_name="AUDIO_PLAYBACK_DVC"
rdpproxy: [RDP Session] session_id="0000" client_ip="10.0.8.2" target_ip="172.30.0.164" user="xxx.xxx" device="172.30.0.164" service="" account="xxx.xxx" type="DYNAMIC_CHANNEL_CREATION_ALLOWED" channel_name="Microsoft::Windows::RDS::Input"
rdpproxy: [RDP Session] session_id="0000" client_ip="10.0.8.2" target_ip="172.30.0.164" user="xxx.xxx" device="172.30.0.164" service="" account="xxx.xxx" type="DYNAMIC_CHANNEL_CREATION_ALLOWED" channel_name="Microsoft::Windows::RDS::Geometry::v08.01"
rdpproxy: [RDP Session] session_id="0000" client_ip="10.0.8.2" target_ip="172.30.0.164" user="xxx.xxx" device="172.30.0.164" service="" account="xxx.xxx" type="DYNAMIC_CHANNEL_CREATION_ALLOWED" channel_name="AUDIO_PLAYBACK_LOSSY_DVC"
rdpproxy: [RDP Session] session_id="0000" client_ip="10.0.8.2" target_ip="172.30.0.164" user="xxx.xxx" device="172.30.0.164" service="" account="xxx.xxx" type="DYNAMIC_CHANNEL_CREATION_ALLOWED" channel_name="Microsoft::Windows::RDS::Geometry::v08.01"
rdpproxy: [RDP Session] session_id="0000" client_ip="10.0.8.2" target_ip="172.30.0.164" user="xxx.xxx" device="172.30.0.164" service="" account="xxx.xxx" type="DYNAMIC_CHANNEL_CREATION_ALLOWED" channel_name="Microsoft::Windows::RDS::DisplayControl"
rdpproxy: [RDP Session] session_id="0000" client_ip="10.0.8.2" target_ip="172.30.0.164" user="xxx.xxx" device="172.30.0.164" service="" account="xxx.xxx" type="DYNAMIC_CHANNEL_CREATION_ALLOWED" channel_name="Microsoft::Windows::RDS::Geometry::v08.01"

rdpproxy.ini options --> disconnect_on_logon_user_change = 1

I changed the options.

In file rdpproxy.ini :
disconnect_on_logon_user_change = 1

After changing the option, I cannot connect to the server.

logs :
rdpproxy: INFO (147/147) -- Logon Info Version 2 (data): Domain="WIN-CJ7EQF887VU" UserName="Administrator" SessionId=1
rdpproxy: ERR (147/147) -- Unauthorized logon user change detected on MARK2-PC (administrator) -> (WIN-CJ7EQF887VU\Administrator). The session will be disconnected.
rdpproxy: INFO (147/147) -- mod_rdp::draw_event() state switch raised exception
rdpproxy: INFO (147/147) -- ---<> Front::must_be_stop_capture <>---

docker build error

When I build the dockerfile like this:
docker build .
Execution reaches the last step and then fails with an error:

Step 6/9 : RUN mkdir -p /gcc/
 ---> Running in e741e0d7632e
Removing intermediate container e741e0d7632e
 ---> b7fdc40fd36a
Step 7/9 : WORKDIR /gcc/
 ---> Running in c3886f017f67
Removing intermediate container c3886f017f67
 ---> d796f850b79c
Step 8/9 : COPY . /gcc/
 ---> 7d97ea13a01d
Step 9/9 : RUN bjam -q --toolset=gcc cxxflags='-DREDEMPTION_DISABLE_NO_BOOST_PREPROCESSOR_WARNING' rdpproxy
 ---> Running in b0c0d6720b9d
error: Unable to find file or target named
error:     'modules/ppocr/src/ppocr/box_char/box.cpp'
error: referred to from project at
error:     '.'

The command '/bin/sh -c bjam -q --toolset=gcc cxxflags='-DREDEMPTION_DISABLE_NO_BOOST_PREPROCESSOR_WARNING' rdpproxy' returned a non-zero code: 1

Feature request: Enable authentifier to validate target server certificates

Motivation

Many RDP hosts might not have domain CA signed server certificates which could be validated by chain validation. Many RDP hosts might not even be part of a domain. This leads to certificate pinning with TOFU.

ReDemPtion currently can store pinned certificates to filesystem with the option "server_cert_store". This is fine for single node systems, but in a multi node system it would lead to cert stores being out of sync and thus allowing MITM attacks.

Solution

Allow target RDP certificate to be passed to authentifier for validation and global storing.

Implementation plan

  • Add a callback function to the ServerNotifier interface that would be called in TlsContext::check_certificate if set.
  • Add a new field to "module" = "RDP" message (not sure if "VNC" or "XUP" are applicable) that would trigger passing server certificate for validation, for example "server_cert_callback" = "1"

I am willing to implement this, but is this something you would consider integrating given a pull request? Does the implementation plan sound reasonable?
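
The multi-node problem described in this request, as an added example that is not part of the original issue or the project's code: two proxy nodes doing trust-on-first-use against per-node stores, compared with one store shared through a central validator. `PinStore`, `ProxyNode`, `simulate`, the host name and the certificate bytes are hypothetical and constructed.

```python
import hashlib
import hmac
import threading
from enum import Enum


class Verdict(Enum):
    FIRST_USE = "first_use"   # no pin existed; this certificate is now trusted
    MATCH = "match"           # certificate equals the pinned one
    MISMATCH = "mismatch"     # certificate differs from the pin: refuse


class PinStore:
    """Trust-on-first-use store: (host, port) -> SHA-256 of the DER certificate."""

    def __init__(self):
        self._pins = {}
        self._lock = threading.Lock()

    @staticmethod
    def fingerprint(cert_der):
        return hashlib.sha256(cert_der).hexdigest()

    def check(self, host, port, cert_der):
        fp = self.fingerprint(cert_der)
        key = (host.lower(), int(port))
        with self._lock:
            pinned = self._pins.get(key)
            if pinned is None:
                # First contact: pin it. This is the only unauthenticated step.
                self._pins[key] = fp
                return Verdict.FIRST_USE
        if hmac.compare_digest(pinned, fp):
            return Verdict.MATCH
        return Verdict.MISMATCH

    def repin(self, host, port, cert_der):
        """Explicit operator action after a legitimate certificate renewal."""
        with self._lock:
            self._pins[(host.lower(), int(port))] = self.fingerprint(cert_der)


class ProxyNode:
    """Hypothetical stand-in for one proxy instance in a multi-node deployment."""

    def __init__(self, name, store):
        self.name = name
        self.store = store
        self.audit = []  # what a node would log for review

    def connect(self, host, port, cert_der):
        verdict = self.store.check(host, port, cert_der)
        short_fp = self.store.fingerprint(cert_der)[:16]
        self.audit.append((self.name, host, port, short_fp, verdict.value))
        return verdict


def simulate(shared_store):
    """Node A sees the target first; node B is later shown a different certificate."""
    genuine = b"constructed stand-in for the target's DER certificate"
    different = b"constructed stand-in for a different DER certificate"
    central = PinStore()
    node_a = ProxyNode("node-a", central if shared_store else PinStore())
    node_b = ProxyNode("node-b", central if shared_store else PinStore())
    first = node_a.connect("rdp-target.example", 3389, genuine)
    second = node_b.connect("rdp-target.example", 3389, different)
    return first, second


if __name__ == "__main__":
    # Per-node stores: node B has no pin, so the different certificate is
    # silently accepted as a "first use".
    print("per-node:", [v.value for v in simulate(shared_store=False)])
    # Shared store: node B's check runs against node A's pin and is refused.
    print("shared:  ", [v.value for v in simulate(shared_store=True)])
```

With per-node stores every node has its own first-use window for every target; a shared store reduces that to one window per target across the whole deployment.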

Convert .mwrm/.wrm capture to video

/gcc/tools/redrec /gcc/bin/gcc-7/release/libredrec.so -f --video-codec mp4 -i file.wrm -o output_prefix

Output file is "/var/rdpproxy/recorded/rdp/output_prefix".
Error: Open file failed

Is the usage correct?

remoteapp: proxy windows

Hi,

I tested RemoteApp through the proxy (using passthrough authentifier)
I always get the AdminBastion window. Is it expected?

How do I proxy RemoteApps from the 3rd party remote host ?

Unable to compile "modules/ppocr/src/ppocr/box_char/box.cpp"

Hi,

Trying to install redemption on Debian 9, but I have an issue after the bjam command.

/redemption# bjam toolset=gcc
error: Unable to find file or target named
error:     'modules/ppocr/src/ppocr/box_char/box.cpp'
error: referred to from project at
error:     '.'

Slow Screen Rendering

Hi,
When connecting to an RDP server through Redemption, there is a sensible slow screen rendering. Especially, when creating another RDP connection inside the proxied RDP session, rendering will be much slower. Is there any configuration parameter that can increase rendering speed?

Mouse and Keyboard Lag

Hi,
There is a little sensible mouse and keyboard lag in RDP sessions. Is there any configuration parameter that can reduce the mentioned lag?

7.2.23: unable to connect to any Windows 2008 R2 RDP

Hi,

I'm unable to connect to any Windows 2008 R2 server using 7.2.23

'RDP' failed at RDP_NEGO state. Fail during TLS security exchange

Is there a way to fix it ?

Aug 15 13:37:12 rdprx01 rdpproxy: [rdpproxy] psid="156586903227308" type="INCOMING_CONNECTION" src_ip="192.168.1.214" src_port="65534"
Aug 15 13:37:12 rdprx01 rdpproxy: INFO (27308/27308) -- Redemption 7.2.23
Aug 15 13:37:12 rdprx01 rdpproxy: INFO (27308/27308) -- src=192.168.1.214 sport=65534 dst=192.168.1.19 dport=3389
Aug 15 13:37:12 rdprx01 rdpproxy: INFO (27308/27308) -- New session on 5 (pid=27308) from 192.168.1.214 to 192.168.1.19
Aug 15 13:37:12 rdprx01 rdpproxy: INFO (27308/27308) -- CR Recv: PROTOCOL TLS
Aug 15 13:37:12 rdprx01 rdpproxy: INFO (27308/27308) -- CR Recv: PROTOCOL HYBRID
Aug 15 13:37:12 rdprx01 rdpproxy: INFO (27308/27308) -- CR Recv: PROTOCOL HYBRID EX
Aug 15 13:37:12 rdprx01 rdpproxy: INFO (27308/27308) -- -----------------> Front::incoming: TLS Support Enabled
Aug 15 13:37:12 rdprx01 rdpproxy: INFO (27308/27308) -- CC Send: PROTOCOL TLS
Aug 15 13:37:12 rdprx01 rdpproxy: INFO (27308/27308) -- SocketTransport::enable_server_tls() start
Aug 15 13:37:12 rdprx01 rdpproxy: INFO (27308/27308) -- TLSContext::enable_server_tls() set SSL options
Aug 15 13:37:12 rdprx01 rdpproxy: INFO (27308/27308) -- TLSContext::X509_get_pubkey()
Aug 15 13:37:12 rdprx01 rdpproxy: INFO (27308/27308) -- TLSContext::i2d_PublicKey()
Aug 15 13:37:12 rdprx01 rdpproxy: INFO (27308/27308) -- TLSContext::i2d_PublicKey()
Aug 15 13:37:12 rdprx01 rdpproxy: INFO (27308/27308) -- Incoming connection to Bastion using TLS version TLSv1.2
Aug 15 13:37:12 rdprx01 rdpproxy: INFO (27308/27308) -- TLSContext::Negociated cipher used ECDHE-RSA-AES256-GCM-SHA384
Aug 15 13:37:12 rdprx01 rdpproxy: INFO (27308/27308) -- SocketTransport::enable_server_tls() done
Aug 15 13:37:12 rdprx01 rdpproxy: INFO (27308/27308) -- partial_recv_tls error:00000005:lib(0):func(0):DH lib
Aug 15 13:37:12 rdprx01 rdpproxy: INFO (27308/27308) -- got SIGPIPE(13) : ignoring
Aug 15 13:37:12 rdprx01 rdpproxy: INFO (27308/27308) -- Failure in SSL library, error=5, Broken pipe [32]
Aug 15 13:37:12 rdprx01 rdpproxy: INFO (27308/27308) -- partial_send_tls error:00000005:lib(0):func(0):DH lib
Aug 15 13:37:12 rdprx01 rdpproxy: WARNING (27308/27308) -- SocketTransport::Send failed on RDP Client (5) errno=32 [Broken pipe]
Aug 15 13:37:12 rdprx01 rdpproxy: INFO (27308/27308) -- Session::Session Init exception = Exception ERR_TRANSPORT_WRITE_FAILED no: 1502!
Aug 15 13:37:12 rdprx01 rdpproxy: INFO (27308/27308) -- Session::Client Session Disconnected
Aug 15 13:37:12 rdprx01 rdpproxy: [rdpproxy] psid="156586903227308" type="DISCONNECT" reason="Exception ERR_TRANSPORT_WRITE_FAILED no: 1502"
Aug 15 13:37:14 rdprx01 rdpproxy: [rdpproxy] psid="156586903427309" type="INCOMING_CONNECTION" src_ip="192.168.1.214" src_port="49152"
Aug 15 13:37:14 rdprx01 rdpproxy: INFO (27309/27309) -- Redemption 7.2.23
Aug 15 13:37:14 rdprx01 rdpproxy: INFO (27309/27309) -- src=192.168.1.214 sport=49152 dst=192.168.1.19 dport=3389
Aug 15 13:37:14 rdprx01 rdpproxy: INFO (27309/27309) -- New session on 5 (pid=27309) from 192.168.1.214 to 192.168.1.19
Aug 15 13:37:14 rdprx01 rdpproxy: INFO (27309/27309) -- CR Recv: PROTOCOL TLS
Aug 15 13:37:14 rdprx01 rdpproxy: INFO (27309/27309) -- CR Recv: PROTOCOL HYBRID
Aug 15 13:37:14 rdprx01 rdpproxy: INFO (27309/27309) -- CR Recv: PROTOCOL HYBRID EX
Aug 15 13:37:14 rdprx01 rdpproxy: INFO (27309/27309) -- -----------------> Front::incoming: TLS Support Enabled
Aug 15 13:37:14 rdprx01 rdpproxy: INFO (27309/27309) -- CC Send: PROTOCOL TLS
Aug 15 13:37:14 rdprx01 rdpproxy: INFO (27309/27309) -- SocketTransport::enable_server_tls() start
Aug 15 13:37:14 rdprx01 rdpproxy: INFO (27309/27309) -- TLSContext::enable_server_tls() set SSL options
Aug 15 13:37:14 rdprx01 rdpproxy: INFO (27309/27309) -- TLSContext::X509_get_pubkey()
Aug 15 13:37:14 rdprx01 rdpproxy: INFO (27309/27309) -- TLSContext::i2d_PublicKey()
Aug 15 13:37:14 rdprx01 rdpproxy: INFO (27309/27309) -- TLSContext::i2d_PublicKey()
Aug 15 13:37:14 rdprx01 rdpproxy: INFO (27309/27309) -- Incoming connection to Bastion using TLS version TLSv1.2
Aug 15 13:37:14 rdprx01 rdpproxy: INFO (27309/27309) -- TLSContext::Negociated cipher used ECDHE-RSA-AES256-GCM-SHA384
Aug 15 13:37:14 rdprx01 rdpproxy: INFO (27309/27309) -- SocketTransport::enable_server_tls() done
Aug 15 13:37:14 rdprx01 rdpproxy: INFO (27309/27309) -- GCC::UserData tag=c001 length=234
Aug 15 13:37:14 rdprx01 rdpproxy: INFO (27309/27309) -- GCC::UserData tag=c004 length=12
Aug 15 13:37:14 rdprx01 rdpproxy: INFO (27309/27309) -- GCC::UserData tag=c002 length=12
Aug 15 13:37:14 rdprx01 rdpproxy: INFO (27309/27309) -- GCC::UserData tag=c003 length=56
Aug 15 13:37:14 rdprx01 rdpproxy: INFO (27309/27309) -- GCC::UserData tag=c006 length=8
Aug 15 13:37:14 rdprx01 rdpproxy: INFO (27309/27309) -- GCC::UserData tag=c00a length=8
Aug 15 13:37:14 rdprx01 rdpproxy: INFO (27309/27309) -- Front::incoming: TLS mode: exchange packet disabled
Aug 15 13:37:14 rdprx01 rdpproxy: INFO (27309/27309) -- Front::incoming: Secure Settings Exchange
Aug 15 13:37:14 rdprx01 rdpproxy: INFO (27309/27309) -- RDP-5 Style logon
Aug 15 13:37:14 rdprx01 rdpproxy: INFO (27309/27309) -- Front::incoming: Keyboard Layout = 0x40c
Aug 15 13:37:14 rdprx01 rdpproxy: INFO (27309/27309) -- Front::incoming: ACTIVATED (new license request)
Aug 15 13:37:14 rdprx01 rdpproxy: INFO (27309/27309) -- Front::incoming: (Fast-Path) Synchronize Event toggleFlags=0x2
Aug 15 13:37:14 rdprx01 rdpproxy: INFO (27309/27309) -- Front::process_data: asking for selector
Aug 15 13:37:14 rdprx01 rdpproxy: INFO (27309/27309) -- connecting to /var/run/rdpproxy/auth.sock
Aug 15 13:37:14 rdprx01 rdpproxy: INFO (27309/27309) -- connection to /var/run/rdpproxy/auth.sock succeeded : socket 4
Aug 15 13:37:14 rdprx01 rdpproxy: INFO (27309/27309) -- ModuleManager::internal module 'Transition' loaded
Aug 15 13:37:14 rdprx01 rdpproxy: INFO (27309/27309) -- ===========> MODULE_NEXT
Aug 15 13:37:14 rdprx01 rdpproxy: INFO (27309/27309) -- ----------> ACL next_module <--------
Aug 15 13:37:14 rdprx01 rdpproxy: INFO (27309/27309) -- ===========> MODULE_INTERACTIVE_TARGET
Aug 15 13:37:14 rdprx01 rdpproxy: INFO (27309/27309) -- ----------> ACL new_mod <--------
Aug 15 13:37:14 rdprx01 rdpproxy: INFO (27309/27309) -- target_module=MODULE_INTERNAL_TARGET(12)
Aug 15 13:37:14 rdprx01 rdpproxy: INFO (27309/27309) -- ModuleManager::Creation of internal module 'Interactive Target'
Aug 15 13:37:14 rdprx01 rdpproxy: INFO (27309/27309) -- ModuleManager::internal module 'Interactive Target' ready
Aug 15 13:37:14 rdprx01 rdpproxy: INFO (27309/27309) -- Front::incoming: (Fast-Path) Synchronize Event toggleFlags=0x2
Aug 15 13:37:14 rdprx01 rdpproxy: INFO (27309/27309) -- Front::incoming: (Fast-Path) Synchronize Event toggleFlags=0x2
Aug 15 13:37:19 rdprx01 rdpproxy: INFO (27309/27309) -- ModuleManager::internal module 'Transition' loaded
Aug 15 13:37:19 rdprx01 rdpproxy: INFO (27309/27309) -- ===========> MODULE_NEXT
Aug 15 13:37:19 rdprx01 rdpproxy: INFO (27309/27309) -- ----------> ACL next_module <--------
Aug 15 13:37:19 rdprx01 rdpproxy: INFO (27309/27309) -- ===============> MODULE_SELECTOR
Aug 15 13:37:19 rdprx01 rdpproxy: INFO (27309/27309) -- ----------> ACL new_mod <--------
Aug 15 13:37:19 rdprx01 rdpproxy: INFO (27309/27309) -- target_module=MODULE_INTERNAL_WIDGET_SELECTOR(15)
Aug 15 13:37:19 rdprx01 rdpproxy: INFO (27309/27309) -- ModuleManager::Creation of internal module 'selector'
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- ModuleManager::internal module 'Transition' loaded
Aug 15 13:37:21 rdprx01 rdpproxy: WARNING (27309/27309) -- parsing error with parameter 'mode_console' in section [context] for "deny": unknown value
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- ===========> MODULE_NEXT
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- ----------> ACL next_module <--------
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- ===========> MODULE_RDP
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- ----------> ACL new_mod <--------
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- target_module=MODULE_RDP(2)
Aug 15 13:37:21 rdprx01 rdpproxy: WARNING (27309/27309) -- AclSerializer::start_session_log: failed to extract date
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- ModuleManager::Creation of new mod 'RDP'
Aug 15 13:37:21 rdprx01 rdpproxy: [rdpproxy] psid="156586903427309" user="Administrateur" type="TARGET_CONNECTION" target="Administrateur" host="192.168.1.46" port="3389"
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- connecting to 192.168.1.46:3389
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- connection to 192.168.1.46:3389 (192.168.1.46) succeeded : socket 7
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- Remote RDP Server domain="" login="Administrateur" host="DESKTOP-DTOUZEA"
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- RdpNego: TLS=Enabled NLA=Enabled adminMode=Disabled
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- Server key layout is 40c
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- ModuleManager::Creation of new mod 'RDP' suceeded
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- RdpNego::NEGO_STATE_INITIAL
Aug 15 13:37:21 rdprx01 rdpproxy: WARNING (27309/27309) -- parsing error with parameter 'mode_console' in section [context] for "deny": unknown value
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- RdpNego::NEGO_STATE_NLA
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- NEG_RSP_TYPE=2 NEG_RSP_FLAGS=9 NEG_RSP_LENGTH=8 NEG_RSP_SELECTED_PROTOCOL=2
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- CC Recv: PROTOCOL HYBRID
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- activating TLS (HYBRID)
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- Client TLS start
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- SSL_connect()
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- RdpNego::recv_next_data::SslHybrid
Aug 15 13:37:21 rdprx01 rdpproxy: ERR (27309/27309) -- TLSContext::enable_client_tls: I/O error
Aug 15 13:37:21 rdprx01 rdpproxy: ERR (27309/27309) -- enable_client_tls fail
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- activating CREDSSP
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- Credssp: NTLM Authentication
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- Credssp TSCredentials::emit() Local Version 6
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- got SIGPIPE(13) : ignoring
Aug 15 13:37:21 rdprx01 rdpproxy: WARNING (27309/27309) -- SocketTransport::Send failed on RDP Target (7) errno=32 [Broken pipe]
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- NLA/CREDSSP NTLM Authentication Failed (1)
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- RdpNego::fallback_to_tls
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- connecting to 192.168.1.46:3389
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- connection to 192.168.1.46:3389 (192.168.1.46) succeeded : socket 7
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- Can't activate NLA
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- falling back to SSL only
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- RdpNego::NEGO_STATE_NLA
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- NEG_RSP_TYPE=2 NEG_RSP_FLAGS=9 NEG_RSP_LENGTH=8 NEG_RSP_SELECTED_PROTOCOL=1
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- CC Recv: PROTOCOL TLS
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- activating TLS
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- Client TLS start
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- SSL_connect()
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- RdpNego::recv_next_data::TLS
Aug 15 13:37:21 rdprx01 rdpproxy: ERR (27309/27309) -- TLSContext::enable_client_tls: I/O error
Aug 15 13:37:21 rdprx01 rdpproxy: ERR (27309/27309) -- enable_client_tls fail
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- CS_Cluster: Server Redirection Supported
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- got SIGPIPE(13) : ignoring
Aug 15 13:37:21 rdprx01 rdpproxy: WARNING (27309/27309) -- SocketTransport::Send failed on RDP Target (7) errno=32 [Broken pipe]
Aug 15 13:37:21 rdprx01 rdpproxy: ERR (27309/27309) -- Creation of new mod 'RDP' failed at RDP_NEGO state. Fail during TLS security exchange.
Aug 15 13:37:21 rdprx01 rdpproxy: ERR (27309/27309) -- Session::Session exception (2) = Unknown Backend
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- ----------> ACL invoke_close_box <--------
Aug 15 13:37:21 rdprx01 rdpproxy: [RDP Session] session_id="2019-08-15-13-37:1-2-1" client_ip="192.168.1.214" target_ip="192.168.1.46" user="Administrateur" device="" service="" account="Administrateur" type="SESSION_DISCONNECTION" duration="0:00:00"
Aug 15 13:37:21 rdprx01 rdpproxy: [rdpproxy] psid="156586903427309" user="Administrateur" type="TARGET_DISCONNECTION" reason="Unknown backend failure."
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- ----------> ACL new_mod <--------
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- target_module=MODULE_INTERNAL_CLOSE(5)
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- ModuleManager::Creation of new mod 'INTERNAL::Close'
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- WabCloseMod: Ending session in 5 seconds
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- ModuleManager::internal module Close ready
Aug 15 13:37:26 rdprx01 rdpproxy: INFO (27309/27309) -- Session::Client Session Disconnected
Aug 15 13:37:26 rdprx01 rdpproxy: [rdpproxy] psid="156586903427309" type="DISCONNECT"

Cannot get rdpproxy to work as expected

Hello

I am trying to use rdpproxy with authhook.py in order to have a working RDP proxy setup
like:
Client -> RDPproxy -> Win7 as RDP server

I tried several configurations in authhook.py and I also advised the (?) icon for specifying the connection parameters as follows:
Username: RemoteServerUser@RemoteHost:RDP:< user from authhook.py >
Password: < password from authhook.py >

I can't get it working. Do you have any idea what I'm doing wrong?

Thanks

howto enable clipboard between RDP client and server?

Clipboard / drag and drop don't work with default settings.

The RDP server is a Windows 10 machine, the RDP client is mstsc from another Windows 10 machine. When connecting directly (not through redemption) clipboard / drag and drop works; via redemption it doesn't.

Went through rdpproxy.ini but couldn't find any reference to how to enable this ...

Thanks!

Connection Error From Windows 7 or Windows XP TS client

Here is a piece of the logs when connecting using Windows 7 or Windows XP:

Mar 15 22:53:08 rdp-appliance rdpproxy: [rdpproxy] psid="155268678831428" type="INCOMING_CONNECTION" src_ip="192.168.1.63" src_port="4709"
Mar 15 22:53:08 rdp-appliance rdpproxy: INFO (31428/31428) -- Redemption 7.0.9
Mar 15 22:53:08 rdp-appliance rdpproxy: INFO (31428/31428) -- src=192.168.1.63 sport=4709 dst=192.168.1.137 dport=3389
Mar 15 22:53:08 rdp-appliance rdpproxy: INFO (31428/31428) -- New session on 5 (pid=31428) from 192.168.1.63 to 192.168.1.137
Mar 15 22:53:08 rdp-appliance rdpproxy: INFO (31428/31428) -- CR Recv: PROTOCOL TLS
Mar 15 22:53:08 rdp-appliance rdpproxy: INFO (31428/31428) -- /* 0000 */ "\x03\x00\x00\x13\x0e\xe0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x01" // ................
Mar 15 22:53:08 rdp-appliance rdpproxy: INFO (31428/31428) -- /* 0010 */ "\x00\x00\x00"                                                     // ...
Mar 15 22:53:08 rdp-appliance rdpproxy: INFO (31428/31428) -- -----------------> Front::incoming: TLS Support Enabled
Mar 15 22:53:08 rdp-appliance rdpproxy: INFO (31428/31428) -- CC Send: PROTOCOL TLS
Mar 15 22:53:08 rdp-appliance rdpproxy: INFO (31428/31428) -- SocketTransport::enable_server_tls() start
Mar 15 22:53:08 rdp-appliance rdpproxy: INFO (31428/31428) -- TLSContext::enable_server_tls() set SSL options
Mar 15 22:53:08 rdp-appliance rdpproxy: INFO (31428/31428) -- TLSContext::enable_server_tls() set SSL cipher list
Mar 15 22:53:08 rdp-appliance rdpproxy: INFO (31428/31428) -- TLSContext::X509_get_pubkey()
Mar 15 22:53:08 rdp-appliance rdpproxy: INFO (31428/31428) -- TLSContext::i2d_PublicKey()
Mar 15 22:53:08 rdp-appliance rdpproxy: INFO (31428/31428) -- TLSContext::i2d_PublicKey()
Mar 15 22:53:08 rdp-appliance rdpproxy: ERR (31428/31428) -- TLSContext::enable_server_tls: SSL accept error
Mar 15 22:53:08 rdp-appliance rdpproxy: ERR (31428/31428) -- print_error error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol
Mar 15 22:53:08 rdp-appliance rdpproxy: ERR (31428/31428) -- Proxy data processing raised error 1605 : Exception ERR_TRANSPORT_TLS_SERVER
Mar 15 22:53:08 rdp-appliance rdpproxy: INFO (31428/31428) -- Session::Client Session Disconnected
Mar 15 22:53:08 rdp-appliance rdpproxy: [rdpproxy] psid="155268678831428" type="DISCONNECT"

Connecting from a Windows 10 client or a Linux Remmina works perfectly...
Is there a workaround ?
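
A triage pass over the two failing logs above (the 7.2.23 report and this Windows 7/XP report), as an added example that is not part of either issue or of the project: it groups rdpproxy lines by process id and labels which side of the proxy failed TLS and whether the target connection fell back from NLA to TLS only. The sample lines are copied from those two logs; the rule names and the `triage` function are hypothetical.

```python
import re

# "<syslog prefix> rdpproxy: LEVEL (pid/pid) -- message", as in the logs above
LINE = re.compile(r"rdpproxy: (INFO|WARNING|ERR) \((\d+)/\d+\) -- (.*)$")
CLIENT = re.compile(r"^New session on \d+ \(pid=\d+\) from ([\d.]+) to ")
TARGET = re.compile(r"^connecting to ([\d.]+):(\d+)$")

# Rule names are labels chosen for this example, not rdpproxy identifiers.
RULES = [
    # proxy acting as TLS server towards the RDP client ("front")
    ("front_tls_failed", re.compile(r"enable_server_tls: SSL accept error")),
    ("front_unsupported_protocol",
     re.compile(r"tls_process_client_hello:unsupported protocol")),
    # proxy acting as TLS client towards the RDP target
    ("target_tls_failed", re.compile(r"enable_client_tls fail")),
    ("target_nla_fallback", re.compile(r"RdpNego::fallback_to_tls")),
    ("target_nego_failed", re.compile(r"failed at RDP_NEGO state")),
]

SAMPLE = """\
Aug 15 13:37:14 rdprx01 rdpproxy: INFO (27309/27309) -- New session on 5 (pid=27309) from 192.168.1.214 to 192.168.1.19
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- connecting to 192.168.1.46:3389
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- RdpNego::NEGO_STATE_NLA
Aug 15 13:37:21 rdprx01 rdpproxy: ERR (27309/27309) -- enable_client_tls fail
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- NLA/CREDSSP NTLM Authentication Failed (1)
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- RdpNego::fallback_to_tls
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- connecting to 192.168.1.46:3389
Aug 15 13:37:21 rdprx01 rdpproxy: INFO (27309/27309) -- falling back to SSL only
Aug 15 13:37:21 rdprx01 rdpproxy: ERR (27309/27309) -- enable_client_tls fail
Aug 15 13:37:21 rdprx01 rdpproxy: ERR (27309/27309) -- Creation of new mod 'RDP' failed at RDP_NEGO state. Fail during TLS security exchange.
Mar 15 22:53:08 rdp-appliance rdpproxy: INFO (31428/31428) -- New session on 5 (pid=31428) from 192.168.1.63 to 192.168.1.137
Mar 15 22:53:08 rdp-appliance rdpproxy: INFO (31428/31428) -- CC Send: PROTOCOL TLS
Mar 15 22:53:08 rdp-appliance rdpproxy: ERR (31428/31428) -- TLSContext::enable_server_tls: SSL accept error
Mar 15 22:53:08 rdp-appliance rdpproxy: ERR (31428/31428) -- print_error error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol
""".splitlines()


def triage(lines):
    """Return {pid: {"client", "target", "findings"}} for sessions with findings."""
    sessions = {}
    for line in lines:
        m = LINE.search(line)
        if m is None:
            continue  # structured [rdpproxy] / [RDP Session] records are skipped here
        _level, pid, msg = m.groups()
        s = sessions.setdefault(
            pid, {"client": None, "target": None, "findings": []})
        c = CLIENT.match(msg)
        if c:
            s["client"] = c.group(1)
        t = TARGET.match(msg)
        if t:
            s["target"] = "%s:%s" % (t.group(1), t.group(2))
        for name, rx in RULES:
            # keep findings in order of first appearance, without repeats
            if rx.search(msg) and name not in s["findings"]:
                s["findings"].append(name)
    return {pid: s for pid, s in sessions.items() if s["findings"]}


if __name__ == "__main__":
    for pid, s in triage(SAMPLE).items():
        print(pid, s["client"], "->", s["target"], s["findings"])
```

A `target_nla_fallback` finding is worth alerting on even when the session then succeeds, because the proxy reached the target without NLA.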

Recording path

Hi,
I have enabled recording by uncommenting is_rec and rec_path in passthrough,
but when the session starts I receive in the proxy:
rdpproxy: WARNING (4387/4387) -- Unexpected receiving 'session_probe' - '0'
rdpproxy: WARNING (4387/4387) -- Unexpected receiving 'mode_console' - 'allow'
rdpproxy: WARNING (4387/4387) -- Unexpected receiving 'rec_path' - '2020-07-14/08:35-48a5bd92-f02b-46ba-a012-41d4dc8712c5'
rdpproxy: WARNING (4387/4387) -- Unexpected receiving 'session_log_path' - 'session_log-2020-07-14-08:35AM.log'

and my filename is -000000.mp4

Dynamic Resolution can cause distortion with FreeRDP

It seems that with a certain chance changing size of FreeRDP client window when dynamic resolution is enabled (/dynamic-resolution) can cause graphic distortion in right column of random width.

I observe this behaviour on Linux and Mac of XFreeRDP 2.0.0rc4 as well as master.

This happens randomly (~50% chance) and width of distorted column is also random.

After another window resize this problem may go away or re-appear with different width of distorted column.

I do not see anything relevant in FreeRDP or Redemption logs.

Problem does not occur with any other RDP client or when FreeRDP connects to windows machine directly.

I tried 7.3.41, 7.3.13 and 7.4.1

v8.0.19 ERR_SESSION_CLOSE_REJECTED_BY_ACL_MESSAGE

We are using passthrough.py.
The system works as expected for 5 seconds; after that it claims that it cannot read something from the socket. In 7.x, it works fine.
What changed between 7.x and 8.x that causes this error?
Which data does redemption ask for from passthrough.py?

Jun 4 11:36:24 redemption rdpproxy: INFO (116557/116557) -- front_incoming_data
Jun 4 11:36:27 redemption rdpproxy: INFO (116557/116557) -- front_incoming_data
Jun 4 11:36:27 redemption rdpproxy: INFO (116557/116557) -- front_incoming_data
Jun 4 11:36:27 redemption rdpproxy: INFO (116557/116557) -- front_incoming_data
Jun 4 11:36:27 redemption rdpproxy: INFO (116557/116557) -- front_incoming_data
Jun 4 11:36:27 redemption rdpproxy: INFO (116557/116557) -- front_incoming_data
Jun 4 11:36:27 redemption rdpproxy: INFO (116557/116557) -- front_incoming_data
Jun 4 11:36:28 redemption rdpproxy: INFO (116557/116557) -- front_incoming_data
Jun 4 11:36:28 redemption rdpproxy: INFO (116557/116557) -- front_incoming_data
Jun 4 11:36:28 redemption rdpproxy: INFO (116557/116557) -- front_incoming_data
Jun 4 11:36:28 redemption rdpproxy: INFO (116557/116557) -- front_incoming_data
Jun 4 11:36:28 redemption rdpproxy: INFO (116557/116557) -- front_incoming_data
Jun 4 11:36:30 redemption rdpproxy: INFO (116557/116557) -- front_incoming_data
Jun 4 11:36:36 redemption rdpproxy: INFO (116557/116557) -- front_incoming_data
Jun 4 11:36:38 redemption rdpproxy: INFO (116557/116557) -- front_incoming_data
Jun 4 11:36:47 redemption rdpproxy: ERR (116557/116557) -- SocketTransport::do_atomic_read: Failed to read from socket Authentifier!
Jun 4 11:36:47 redemption rdpproxy: ERR (116557/116557) -- Exception in sequencing = Exception ERR_SESSION_CLOSE_REJECTED_BY_ACL_MESSAGE no: 24501
Jun 4 11:36:47 redemption rdpproxy: INFO (116557/116557) -- check_acl: close by Rejected message received : Connection closed by manager.
Jun 4 11:36:47 redemption rdpproxy: INFO (116557/116557) -- got SIGPIPE(13) : ignoring
Jun 4 11:36:47 redemption rdpproxy: WARNING (116557/116557) -- SocketTransport::Send failed on Authentifier (3) errno=32 [Broken pipe]
Jun 4 11:36:47 redemption rdpproxy: ERR (116557/116557) -- ACL SERIALIZER : Exception ERR_TRANSPORT_WRITE_FAILED no: 1502
Jun 4 11:36:47 redemption rdpproxy: [rdpproxy] psid="1591263338116557" user="Administrateur" type="TARGET_DISCONNECTION" reason="Connection closed by manager."
Jun 4 11:36:47 redemption rdpproxy: INFO (116557/116557) -- got SIGPIPE(13) : ignoring
Jun 4 11:36:47 redemption rdpproxy: WARNING (116557/116557) -- SocketTransport::Send failed on Authentifier (3) errno=32 [Broken pipe]
Jun 4 11:36:47 redemption rdpproxy: ERR (116557/116557) -- ACL SERIALIZER : Exception ERR_TRANSPORT_WRITE_FAILED no: 1502
Jun 4 11:36:47 redemption rdpproxy: INFO (116557/116557) -- Socket RDP Target (6) : closing connection
Jun 4 11:36:47 redemption rdpproxy: INFO (116557/116557) -- Socket Authentifier (3) : closing connection
Jun 4 11:36:47 redemption rdpproxy: INFO (116557/116557) -- WabCloseMod: Ending session in 5 seconds
Jun 4 11:36:47 redemption rdpproxy: INFO (116557/116557) -- Setting new mod MODULE_INTERNAL_CLOSE (was MODULE_RDP)
Jun 4 11:36:52 redemption rdpproxy: INFO (116557/116557) -- Reading mod_signal from 0x556fb6e0b700 is BACK_EVENT_STOP
Jun 4 11:36:52 redemption rdpproxy: INFO (116557/116557) -- Session::Client Session Disconnected
Jun 4 11:36:52 redemption rdpproxy: [rdpproxy] psid="1591263338116557" type="DISCONNECT"
Jun 4 11:36:52 redemption rdpproxy: INFO (116557/116557) -- Socket RDP Client (5) : closing connection
root@redemption:~#

interactive target module expects "target_host" but displays "target_device"

If "target_host" is set when initializing module "interactive_target", the field with label Device will be empty and not asked.

If "target_device" is set, the field with label Device will be empty asked and there will be another field without a label with the value.

If both are set, it works as intended:

I'm guessing this should only use "target_device" field.

RDP Clipboard/Drive redirection support

I was testing redemption for redirection, and I couldn't make it work.

I'm using the proxy connecting from a Windows 7 machine to a Windows
2008 server via mstsc (with clipboard and sharing all drives on the
settings tab of mstsc.exe) but on connection no extra drive is mounted
and clipboard sharing doesn't work.
And I'm positive that redirection works on that Windows 2008 RDP
server, because I tested it without the use of Redemption, connecting
directly.

On the proxy side I've set allow_channels=*, deny_channels=
and the verbosity flag set for mod_rdp, front and session.

When I start a connection I see the debug message deny_channels=EVERY
POSSIBLE CHANNEL. Even though it's set to nothing in the ini file.

I think this is happening on the update_authorized_channels() function
from AuthorizationChannels class.

Do I need to take any extra steps to make it work?

I'm using the release 0.9.723.
Running it by using the following commands:
$ python ./passthrough.py

/usr/local/bin/rdpproxy -nf

Please check the ini file and the syslog output attached:
rdpproxy.ini.txt
log.txt

Thanks for the help.

enable Video recording

How is it possible to record video without realizing the user?
setting output format!
setting output directory and ....
It seems that video tests are failed.

proxy_recorder:NLA Authentication Failed

When I use proxy_recorder like this:

./proxy_recorder --target-host xx.xx.xx.xx -p 3389 -P 8008 -t dump-%d.out

or

./proxy_recorder --target-host xx.xx.xx.xx -p 3389 -P 8008 --nla-username xxxx --nla-password xxxx -t dump-%d.out

get error:

ERR (2690/2690) -- Recording front connection ending: NLA Authentication Failed
INFO (2690/2690) -- Exiting FrontServer (1)

When I connect directly, there is no problem, only when I pass the proxy.

Can you give me some advice?

here is log:

INFO (3871/3871) -- Listen: binding socket 3 on 0.0.0.0:8008
INFO (3871/3871) -- Listen: listening on socket 3
INFO (3871/3871) -- Starting FrontServer
INFO (3881/3881) -- Recording front connection in dump-0001.out
INFO (3881/3881) -- connecting to 10.8.18.29:3389
INFO (3881/3881) -- connection to 10.8.18.29:3389 (10.8.18.29) succeeded : socket 5
INFO (3881/3881) -- front step 1
INFO (3881/3881) -- CR Recv: PROTOCOL TLS
INFO (3881/3881) -- CR Recv: PROTOCOL HYBRID
INFO (3881/3881) -- CC Send: PROTOCOL HYBRID
INFO (3881/3881) -- SocketTransport::enable_server_tls() start (front)
INFO (3881/3881) -- Enable server TLS
INFO (3881/3881) -- TLSContext::enable_server_tls() set SSL options
INFO (3881/3881) -- TLSContext::X509_get_pubkey()
INFO (3881/3881) -- TLSContext::i2d_PublicKey()
INFO (3881/3881) -- TLSContext::i2d_PublicKey()
INFO (3881/3881) -- Incoming connection to Bastion using TLS version TLSv1.2
INFO (3881/3881) -- TLSContext::Server cipher 1: TLS_AES_256_GCM_SHA384
INFO (3881/3881) -- TLSContext::Server cipher 2: TLS_CHACHA20_POLY1305_SHA256
INFO (3881/3881) -- TLSContext::Server cipher 3: TLS_AES_128_GCM_SHA256
INFO (3881/3881) -- TLSContext::Server cipher 4: ECDHE-ECDSA-AES256-GCM-SHA384
INFO (3881/3881) -- TLSContext::Server cipher 5: ECDHE-RSA-AES256-GCM-SHA384
INFO (3881/3881) -- TLSContext::Server cipher 6: DHE-RSA-AES256-GCM-SHA384
INFO (3881/3881) -- TLSContext::Server cipher 7: ECDHE-ECDSA-CHACHA20-POLY1305
INFO (3881/3881) -- TLSContext::Server cipher 8: ECDHE-RSA-CHACHA20-POLY1305
INFO (3881/3881) -- TLSContext::Server cipher 9: DHE-RSA-CHACHA20-POLY1305
INFO (3881/3881) -- TLSContext::Server cipher 10: ECDHE-ECDSA-AES128-GCM-SHA256
INFO (3881/3881) -- TLSContext::Server cipher 11: ECDHE-RSA-AES128-GCM-SHA256
INFO (3881/3881) -- TLSContext::Server cipher 12: DHE-RSA-AES128-GCM-SHA256
INFO (3881/3881) -- TLSContext::Server cipher 13: ECDHE-ECDSA-AES256-SHA384
INFO (3881/3881) -- TLSContext::Server cipher 14: ECDHE-RSA-AES256-SHA384
INFO (3881/3881) -- TLSContext::Server cipher 15: DHE-RSA-AES256-SHA256
INFO (3881/3881) -- TLSContext::Server cipher 16: ECDHE-ECDSA-AES128-SHA256
INFO (3881/3881) -- TLSContext::Server cipher 17: ECDHE-RSA-AES128-SHA256
INFO (3881/3881) -- TLSContext::Server cipher 18: DHE-RSA-AES128-SHA256
INFO (3881/3881) -- TLSContext::Server cipher 19: ECDHE-ECDSA-AES256-SHA
INFO (3881/3881) -- TLSContext::Server cipher 20: ECDHE-RSA-AES256-SHA
INFO (3881/3881) -- TLSContext::Server cipher 21: DHE-RSA-AES256-SHA
INFO (3881/3881) -- TLSContext::Server cipher 22: ECDHE-ECDSA-AES128-SHA
INFO (3881/3881) -- TLSContext::Server cipher 23: ECDHE-RSA-AES128-SHA
INFO (3881/3881) -- TLSContext::Server cipher 24: DHE-RSA-AES128-SHA
INFO (3881/3881) -- TLSContext::Server cipher 25: RSA-PSK-AES256-GCM-SHA384
INFO (3881/3881) -- TLSContext::Server cipher 26: DHE-PSK-AES256-GCM-SHA384
INFO (3881/3881) -- TLSContext::Server cipher 27: RSA-PSK-CHACHA20-POLY1305
INFO (3881/3881) -- TLSContext::Server cipher 28: DHE-PSK-CHACHA20-POLY1305
INFO (3881/3881) -- TLSContext::Server cipher 29: ECDHE-PSK-CHACHA20-POLY1305
INFO (3881/3881) -- TLSContext::Server cipher 30: AES256-GCM-SHA384
INFO (3881/3881) -- TLSContext::Server cipher 31: PSK-AES256-GCM-SHA384
INFO (3881/3881) -- TLSContext::Server cipher 32: PSK-CHACHA20-POLY1305
INFO (3881/3881) -- TLSContext::Server cipher 33: RSA-PSK-AES128-GCM-SHA256
INFO (3881/3881) -- TLSContext::Server cipher 34: DHE-PSK-AES128-GCM-SHA256
INFO (3881/3881) -- TLSContext::Server cipher 35: AES128-GCM-SHA256
INFO (3881/3881) -- TLSContext::Server cipher 36: PSK-AES128-GCM-SHA256
INFO (3881/3881) -- TLSContext::Server cipher 37: AES256-SHA256
INFO (3881/3881) -- TLSContext::Server cipher 38: AES128-SHA256
INFO (3881/3881) -- TLSContext::Server cipher 39: ECDHE-PSK-AES256-CBC-SHA384
INFO (3881/3881) -- TLSContext::Server cipher 40: ECDHE-PSK-AES256-CBC-SHA
INFO (3881/3881) -- TLSContext::Server cipher 41: SRP-RSA-AES-256-CBC-SHA
INFO (3881/3881) -- TLSContext::Server cipher 42: SRP-AES-256-CBC-SHA
INFO (3881/3881) -- TLSContext::Server cipher 43: RSA-PSK-AES256-CBC-SHA384
INFO (3881/3881) -- TLSContext::Server cipher 44: DHE-PSK-AES256-CBC-SHA384
INFO (3881/3881) -- TLSContext::Server cipher 45: RSA-PSK-AES256-CBC-SHA
INFO (3881/3881) -- TLSContext::Server cipher 46: DHE-PSK-AES256-CBC-SHA
INFO (3881/3881) -- TLSContext::Server cipher 47: AES256-SHA
INFO (3881/3881) -- TLSContext::Server cipher 48: PSK-AES256-CBC-SHA384
INFO (3881/3881) -- TLSContext::Server cipher 49: PSK-AES256-CBC-SHA
INFO (3881/3881) -- TLSContext::Server cipher 50: ECDHE-PSK-AES128-CBC-SHA256
INFO (3881/3881) -- TLSContext::Server cipher 51: ECDHE-PSK-AES128-CBC-SHA
INFO (3881/3881) -- TLSContext::Server cipher 52: SRP-RSA-AES-128-CBC-SHA
INFO (3881/3881) -- TLSContext::Server cipher 53: SRP-AES-128-CBC-SHA
INFO (3881/3881) -- TLSContext::Server cipher 54: RSA-PSK-AES128-CBC-SHA256
INFO (3881/3881) -- TLSContext::Server cipher 55: DHE-PSK-AES128-CBC-SHA256
INFO (3881/3881) -- TLSContext::Server cipher 56: RSA-PSK-AES128-CBC-SHA
INFO (3881/3881) -- TLSContext::Server cipher 57: DHE-PSK-AES128-CBC-SHA
INFO (3881/3881) -- TLSContext::Server cipher 58: AES128-SHA
INFO (3881/3881) -- TLSContext::Server cipher 59: PSK-AES128-CBC-SHA256
INFO (3881/3881) -- TLSContext::Server cipher 60: PSK-AES128-CBC-SHA
INFO (3881/3881) -- TLSContext::Negociated cipher used ECDHE-RSA-AES256-GCM-SHA384
INFO (3881/3881) -- SocketTransport::enable_server_tls() done
INFO (3881/3881) -- RdpNego: TLS=Enabled NLA=Disabled adminMode=Disabled
INFO (3881/3881) -- recvNTLMNegotiateMessage full dump--------------------------------
INFO (3881/3881) -- /* 0000 */ "\x4e\x54\x4c\x4d\x53\x53\x50\x00\x01\x00\x00\x00\xb7\x82\x08\xe2" // NTLMSSP.........
INFO (3881/3881) -- /* 0010 */ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" // ................
INFO (3881/3881) -- /* 0020 */ "\x06\x01\xb1\x1d\x00\x00\x00\x0f"                                 // ........
INFO (3881/3881) -- recvNTLMNegotiateMessage hexdump end - START PARSING DATA-------------
INFO (3881/3881) -- negotiateFlags "0xE28A8235"{
INFO (3881/3881) --     |NTLMSSP_NEGOTIATE_56, // (31)
INFO (3881/3881) --     |NTLMSSP_NEGOTIATE_KEY_EXCH, // (30)
INFO (3881/3881) --     |NTLMSSP_NEGOTIATE_128, // (29)
INFO (3881/3881) --     |NTLMSSP_NEGOTIATE_VERSION, // (25)
INFO (3881/3881) --     |NTLMSSP_NEGOTIATE_TARGET_INFO, // (23)
INFO (3881/3881) --     |NTLMSSP_NEGOTIATE_EXTENDED_SESSION_SECURITY, // (19)
INFO (3881/3881) --     |NTLMSSP_TARGET_TYPE_SERVER, // (17)
INFO (3881/3881) --     |NTLMSSP_NEGOTIATE_ALWAYS_SIGN, // (15)
INFO (3881/3881) --     |NTLMSSP_NEGOTIATE_NTLM, // (9)
INFO (3881/3881) --     |NTLMSSP_NEGOTIATE_SEAL, // (5)
INFO (3881/3881) --     |NTLMSSP_NEGOTIATE_SIGN, // (4)
INFO (3881/3881) --     |NTLMSSP_REQUEST_TARGET, // (2)
INFO (3881/3881) --     |NTLMSSP_NEGOTIATE_UNICODE, // (0)
INFO (3881/3881) -- }
INFO (3881/3881) -- NTLM Message Authenticate Dump (Recv)
INFO (3881/3881) -- LmChallengeResponse: offset=128 len=24 buffer_len=24
INFO (3881/3881) -- /* 0000 */ 0xc6, 0x4a, 0x2b, 0x4c, 0xbc, 0xc8, 0x6c, 0xba, 0xb1, 0x4e, 0xea, 0x51, 0x10, 0xe7, 0x17, 0xd6,  // .J+L..l..N.Q....
INFO (3881/3881) -- /* 0010 */ 0xf2, 0x1f, 0x62, 0x85, 0xd5, 0xa5, 0xb2, 0xc9,                                                  // ..b.....
INFO (3881/3881) -- : offset=152 len=190 buffer_len=190
INFO (3881/3881) -- DomainName: offset=88 len=22 buffer_len=22
INFO (3881/3881) -- /* 0000 */ 0x31, 0x00, 0x30, 0x00, 0x2e, 0x00, 0x32, 0x00, 0x31, 0x00, 0x31, 0x00, 0x2e, 0x00, 0x35, 0x00,  // 1.0...2.1.1...5.
INFO (3881/3881) -- /* 0010 */ 0x35, 0x00, 0x2e, 0x00, 0x36, 0x00,                                                              // 5...6.
INFO (3881/3881) -- UserName: offset=110 len=8 buffer_len=8
INFO (3881/3881) -- /* 0000 */ 0x6e, 0x00, 0x69, 0x00, 0x63, 0x00, 0x6f, 0x00,                                                  // n.i.c.o.
INFO (3881/3881) -- Workstation: offset=118 len=10 buffer_len=10
INFO (3881/3881) -- /* 0000 */ 0x79, 0x00, 0x61, 0x00, 0x6e, 0x00, 0x67, 0x00, 0x68, 0x00,                                      // y.a.n.g.h.
INFO (3881/3881) -- EncryptedRandomSessionKey: offset=342 len=16 buffer_len=16
INFO (3881/3881) -- /* 0000 */ 0xad, 0x6e, 0xc8, 0x8c, 0xe9, 0xd9, 0xe0, 0xa4, 0x47, 0xff, 0x96, 0xc1, 0x8a, 0x1c, 0x1e, 0x8a,  // .n......G.......
ERR (3881/3881) -- Recording front connection ending: NLA Authentication Failed
INFO (3881/3881) -- Exiting FrontServer (1)
INFO (3871/3871) -- Starting FrontServer
INFO (3900/3900) -- Recording front connection in dump-0002.out
INFO (3900/3900) -- connecting to 10.8.18.29:3389
INFO (3900/3900) -- connection to 10.8.18.29:3389 (10.8.18.29) succeeded : socket 5
INFO (3900/3900) -- front step 1
INFO (3900/3900) -- CR Recv: PROTOCOL TLS
INFO (3900/3900) -- CR Recv: PROTOCOL HYBRID
INFO (3900/3900) -- CC Send: PROTOCOL HYBRID
INFO (3900/3900) -- SocketTransport::enable_server_tls() start (front)
INFO (3900/3900) -- Enable server TLS
INFO (3900/3900) -- TLSContext::enable_server_tls() set SSL options
INFO (3900/3900) -- TLSContext::X509_get_pubkey()
INFO (3900/3900) -- TLSContext::i2d_PublicKey()
INFO (3900/3900) -- TLSContext::i2d_PublicKey()
INFO (3900/3900) -- Incoming connection to Bastion using TLS version TLSv1.2
INFO (3900/3900) -- TLSContext::Server cipher 1: TLS_AES_256_GCM_SHA384
INFO (3900/3900) -- TLSContext::Server cipher 2: TLS_CHACHA20_POLY1305_SHA256
INFO (3900/3900) -- TLSContext::Server cipher 3: TLS_AES_128_GCM_SHA256
INFO (3900/3900) -- TLSContext::Server cipher 4: ECDHE-ECDSA-AES256-GCM-SHA384
INFO (3900/3900) -- TLSContext::Server cipher 5: ECDHE-RSA-AES256-GCM-SHA384
INFO (3900/3900) -- TLSContext::Server cipher 6: DHE-RSA-AES256-GCM-SHA384
INFO (3900/3900) -- TLSContext::Server cipher 7: ECDHE-ECDSA-CHACHA20-POLY1305
INFO (3900/3900) -- TLSContext::Server cipher 8: ECDHE-RSA-CHACHA20-POLY1305
INFO (3900/3900) -- TLSContext::Server cipher 9: DHE-RSA-CHACHA20-POLY1305
INFO (3900/3900) -- TLSContext::Server cipher 10: ECDHE-ECDSA-AES128-GCM-SHA256
INFO (3900/3900) -- TLSContext::Server cipher 11: ECDHE-RSA-AES128-GCM-SHA256
INFO (3900/3900) -- TLSContext::Server cipher 12: DHE-RSA-AES128-GCM-SHA256
INFO (3900/3900) -- TLSContext::Server cipher 13: ECDHE-ECDSA-AES256-SHA384
INFO (3900/3900) -- TLSContext::Server cipher 14: ECDHE-RSA-AES256-SHA384
INFO (3900/3900) -- TLSContext::Server cipher 15: DHE-RSA-AES256-SHA256
INFO (3900/3900) -- TLSContext::Server cipher 16: ECDHE-ECDSA-AES128-SHA256
INFO (3900/3900) -- TLSContext::Server cipher 17: ECDHE-RSA-AES128-SHA256
INFO (3900/3900) -- TLSContext::Server cipher 18: DHE-RSA-AES128-SHA256
INFO (3900/3900) -- TLSContext::Server cipher 19: ECDHE-ECDSA-AES256-SHA
INFO (3900/3900) -- TLSContext::Server cipher 20: ECDHE-RSA-AES256-SHA
INFO (3900/3900) -- TLSContext::Server cipher 21: DHE-RSA-AES256-SHA
INFO (3900/3900) -- TLSContext::Server cipher 22: ECDHE-ECDSA-AES128-SHA
INFO (3900/3900) -- TLSContext::Server cipher 23: ECDHE-RSA-AES128-SHA
INFO (3900/3900) -- TLSContext::Server cipher 24: DHE-RSA-AES128-SHA
INFO (3900/3900) -- TLSContext::Server cipher 25: RSA-PSK-AES256-GCM-SHA384
INFO (3900/3900) -- TLSContext::Server cipher 26: DHE-PSK-AES256-GCM-SHA384
INFO (3900/3900) -- TLSContext::Server cipher 27: RSA-PSK-CHACHA20-POLY1305
INFO (3900/3900) -- TLSContext::Server cipher 28: DHE-PSK-CHACHA20-POLY1305
INFO (3900/3900) -- TLSContext::Server cipher 29: ECDHE-PSK-CHACHA20-POLY1305
INFO (3900/3900) -- TLSContext::Server cipher 30: AES256-GCM-SHA384
INFO (3900/3900) -- TLSContext::Server cipher 31: PSK-AES256-GCM-SHA384
INFO (3900/3900) -- TLSContext::Server cipher 32: PSK-CHACHA20-POLY1305
INFO (3900/3900) -- TLSContext::Server cipher 33: RSA-PSK-AES128-GCM-SHA256
INFO (3900/3900) -- TLSContext::Server cipher 34: DHE-PSK-AES128-GCM-SHA256
INFO (3900/3900) -- TLSContext::Server cipher 35: AES128-GCM-SHA256
INFO (3900/3900) -- TLSContext::Server cipher 36: PSK-AES128-GCM-SHA256
INFO (3900/3900) -- TLSContext::Server cipher 37: AES256-SHA256
INFO (3900/3900) -- TLSContext::Server cipher 38: AES128-SHA256
INFO (3900/3900) -- TLSContext::Server cipher 39: ECDHE-PSK-AES256-CBC-SHA384
INFO (3900/3900) -- TLSContext::Server cipher 40: ECDHE-PSK-AES256-CBC-SHA
INFO (3900/3900) -- TLSContext::Server cipher 41: SRP-RSA-AES-256-CBC-SHA
INFO (3900/3900) -- TLSContext::Server cipher 42: SRP-AES-256-CBC-SHA
INFO (3900/3900) -- TLSContext::Server cipher 43: RSA-PSK-AES256-CBC-SHA384
INFO (3900/3900) -- TLSContext::Server cipher 44: DHE-PSK-AES256-CBC-SHA384
INFO (3900/3900) -- TLSContext::Server cipher 45: RSA-PSK-AES256-CBC-SHA
INFO (3900/3900) -- TLSContext::Server cipher 46: DHE-PSK-AES256-CBC-SHA
INFO (3900/3900) -- TLSContext::Server cipher 47: AES256-SHA
INFO (3900/3900) -- TLSContext::Server cipher 48: PSK-AES256-CBC-SHA384
INFO (3900/3900) -- TLSContext::Server cipher 49: PSK-AES256-CBC-SHA
INFO (3900/3900) -- TLSContext::Server cipher 50: ECDHE-PSK-AES128-CBC-SHA256
INFO (3900/3900) -- TLSContext::Server cipher 51: ECDHE-PSK-AES128-CBC-SHA
INFO (3900/3900) -- TLSContext::Server cipher 52: SRP-RSA-AES-128-CBC-SHA
INFO (3900/3900) -- TLSContext::Server cipher 53: SRP-AES-128-CBC-SHA
INFO (3900/3900) -- TLSContext::Server cipher 54: RSA-PSK-AES128-CBC-SHA256
INFO (3900/3900) -- TLSContext::Server cipher 55: DHE-PSK-AES128-CBC-SHA256
INFO (3900/3900) -- TLSContext::Server cipher 56: RSA-PSK-AES128-CBC-SHA
INFO (3900/3900) -- TLSContext::Server cipher 57: DHE-PSK-AES128-CBC-SHA
INFO (3900/3900) -- TLSContext::Server cipher 58: AES128-SHA
INFO (3900/3900) -- TLSContext::Server cipher 59: PSK-AES128-CBC-SHA256
INFO (3900/3900) -- TLSContext::Server cipher 60: PSK-AES128-CBC-SHA
INFO (3900/3900) -- TLSContext::Negociated cipher used ECDHE-RSA-AES256-GCM-SHA384
INFO (3900/3900) -- SocketTransport::enable_server_tls() done
INFO (3900/3900) -- RdpNego: TLS=Enabled NLA=Disabled adminMode=Disabled
INFO (3900/3900) -- recvNTLMNegotiateMessage full dump--------------------------------
INFO (3900/3900) -- /* 0000 */ "\x4e\x54\x4c\x4d\x53\x53\x50\x00\x01\x00\x00\x00\xb7\x82\x08\xe2" // NTLMSSP.........
INFO (3900/3900) -- /* 0010 */ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" // ................
INFO (3900/3900) -- /* 0020 */ "\x06\x01\xb1\x1d\x00\x00\x00\x0f"                                 // ........
INFO (3900/3900) -- recvNTLMNegotiateMessage hexdump end - START PARSING DATA-------------
INFO (3900/3900) -- negotiateFlags "0xE28A8235"{
INFO (3900/3900) --     |NTLMSSP_NEGOTIATE_56, // (31)
INFO (3900/3900) --     |NTLMSSP_NEGOTIATE_KEY_EXCH, // (30)
INFO (3900/3900) --     |NTLMSSP_NEGOTIATE_128, // (29)
INFO (3900/3900) --     |NTLMSSP_NEGOTIATE_VERSION, // (25)
INFO (3900/3900) --     |NTLMSSP_NEGOTIATE_TARGET_INFO, // (23)
INFO (3900/3900) --     |NTLMSSP_NEGOTIATE_EXTENDED_SESSION_SECURITY, // (19)
INFO (3900/3900) --     |NTLMSSP_TARGET_TYPE_SERVER, // (17)
INFO (3900/3900) --     |NTLMSSP_NEGOTIATE_ALWAYS_SIGN, // (15)
INFO (3900/3900) --     |NTLMSSP_NEGOTIATE_NTLM, // (9)
INFO (3900/3900) --     |NTLMSSP_NEGOTIATE_SEAL, // (5)
INFO (3900/3900) --     |NTLMSSP_NEGOTIATE_SIGN, // (4)
INFO (3900/3900) --     |NTLMSSP_REQUEST_TARGET, // (2)
INFO (3900/3900) --     |NTLMSSP_NEGOTIATE_UNICODE, // (0)
INFO (3900/3900) -- }
INFO (3900/3900) -- NTLM Message Authenticate Dump (Recv)
INFO (3900/3900) -- LmChallengeResponse: offset=128 len=24 buffer_len=24
INFO (3900/3900) -- /* 0000 */ 0xb8, 0x4c, 0xf7, 0x0d, 0x6a, 0xba, 0x96, 0xde, 0x17, 0x44, 0x05, 0xb3, 0x23, 0x0c, 0x85, 0xd7,  // .L..j....D..#...
INFO (3900/3900) -- /* 0010 */ 0xd9, 0x3e, 0x00, 0x94, 0x76, 0x92, 0x48, 0x8e,                                                  // .>..v.H.
INFO (3900/3900) -- : offset=152 len=190 buffer_len=190
INFO (3900/3900) -- DomainName: offset=88 len=22 buffer_len=22
INFO (3900/3900) -- /* 0000 */ 0x31, 0x00, 0x30, 0x00, 0x2e, 0x00, 0x32, 0x00, 0x31, 0x00, 0x31, 0x00, 0x2e, 0x00, 0x35, 0x00,  // 1.0...2.1.1...5.
INFO (3900/3900) -- /* 0010 */ 0x35, 0x00, 0x2e, 0x00, 0x36, 0x00,                                                              
INFO (3900/3900) -- UserName: offset=110 len=8 buffer_len=8
INFO (3900/3900) -- /* 0000 */ 0x6e, 0x00, 0x69, 0x00, 0x63, 0x00, 0x6f, 0x00,                                                  
INFO (3900/3900) -- Workstation: offset=118 len=10 buffer_len=10
INFO (3900/3900) -- /* 0000 */ 0x79, 0x00, 0x61, 0x00, 0x6e, 0x00, 0x67, 0x00, 0x68, 0x00,                                      
INFO (3900/3900) -- EncryptedRandomSessionKey: offset=342 len=16 buffer_len=16
INFO (3900/3900) -- /* 0000 */ 0xbf, 0x1a, 0xc4, 0x1b, 0x92, 0xfa, 0xc5, 0x9b, 0x04, 0x4a, 0xf5, 0x8e, 0xc6, 0x13, 0xe1, 0x94,  // .........J......
ERR (3900/3900) -- Recording front connection ending: NLA Authentication Failed
INFO (3900/3900) -- Exiting FrontServer (1)

how to change "Device" field to pop-up menu?

I want to modify the project so that it provides a list of servers, rather than requiring a destination IP address to be entered, and the client is then able to select a target. I don't know how to do that.
Thanks for guiding me through that.

How to use this project

I've compiled this project successfully. I have not found any document on how to use this project.

fail compilation

I get this error while trying to compile the project (master branch):

$ sudo bjam exe --toolset=gcc-4.9
/usr/share/boost-build/src/util/path.jam:511: in path.make from module path
error: Empty path passed to 'make-UNIX'
/usr/share/boost-build/src/build/property.jam:435: in translate-path-value from module property
/usr/share/boost-build/src/build/property.jam:539: in property.translate from module property
/usr/share/boost-build/src/build/property-set.jam:432: in property-set.create-from-user-input from module property-set
/usr/share/boost-build/src/build/property-set.jam:484: in property-set.refine-from-user-input from module property-set
/usr/share/boost-build/src/build/targets.jam:1602: in targets.main-target-requirements from module targets
/usr/share/boost-build/src/tools/builtin.jam:535: in lib from module builtin
Jamroot:187: in modules.load from module Jamfile</home/osboxes/dev/redemption>
/usr/share/boost-build/src/build/project.jam:325: in load-jamfile from module project
/usr/share/boost-build/src/build/project.jam:64: in load from module project
/usr/share/boost-build/src/build/project.jam:145: in project.find from module project
/usr/share/boost-build/src/build-system.jam:535: in load from module build-system
/usr/share/boost-build/src/kernel/modules.jam:289: in import from module modules
/usr/share/boost-build/src/kernel/bootstrap.jam:139: in boost-build from module
/usr/share/boost-build/boost-build.jam:8: in module scope from module

I first thought this might be a bjam problem, but then I tried to compile an older version (b9e2d66),
which worked perfectly fine. Any idea what might be the problem?

Wallix problem with .rdp

Hi,
I have a problem with the generation of the rdp file: I would like the option disablewallpaper::0 but I have disablewallpaper::1.
Does anyone have an idea?

Tks

Installation on Debian 10.0

Hi, you can share this one with everyone trying to compile redemption on Debian 10.
Debian 10 is now close to the "Ubuntu" requirements.

This procedure was successfully tested on the latest Debian 10.0 (using the NetInstall CD):

apt-get install libboost-tools-dev libboost-test-dev libssl-dev libkrb5-dev libsnappy-dev libpng-dev libavcodec-dev libavformat-dev libavutil-dev libswscale-dev libx264-dev libbz2-dev
git clone https://github.com/wallix/redemption.git
cd redemption
git submodule update --init
bjam exe libs
bjam install

How to change log level?

redemption is a bit chatty by default. Is there any way to change log level if I'm not interested in INFO level messages?

I didn't find anything related in rdpproxy --help

Centos 7 compilation

Hello!
Great tool! I was looking for an rdp-proxy for a long time and have been using haproxy as an rdp-proxy via rdp-cookie, but your solution is much more flexible.
Sorry, I am not a developer, so I want to ask a probably silly question: is it possible to compile your tool on CentOS 7?
Thank you very much!

Invalid Fast-Path Cached Pointer Updates received from Redemption 1.1.76

Hi Wallix team,

As suggested by a FreeRDP maintainer, here is the feedback of a bug encountered when trying to reach targets (Windows 2016 and xrdp 0.9.9 on Ubuntu 16.04) through Redemption 1.1.76 (installed as a component of Wallix AdminBastion), with FreeRDP 2.x client releases.

Once connected to the target, I try to type something in any kind of text input field (file explorer, PuTTY, etc.), and FreeRDP crashes with a Fastpath update Cached Pointer [a] failed, status 0 error message.

My FreeRDP debug log (FreeRDP 2.2.0 with some additional debug lines, built and run on Debian GNU/Linux 10.5):

[22:17:10:885] [19280:19281] [INFO][com.freerdp.core] - freerdp_connect:freerdp_set_last_error_ex resetting error state
[22:17:10:885] [19280:19281] [INFO][com.freerdp.client.common.cmdline] - loading channelEx rdpdr
[22:17:10:885] [19280:19281] [INFO][com.freerdp.client.common.cmdline] - loading channelEx rdpsnd
[22:17:10:885] [19280:19281] [INFO][com.freerdp.client.common.cmdline] - loading channelEx cliprdr
[22:17:10:316] [19280:19281] [INFO][com.freerdp.primitives] - primitives autodetect, using optimized
[22:17:10:318] [19280:19281] [INFO][com.freerdp.core] - freerdp_tcp_is_hostname_resolvable:freerdp_set_last_error_ex resetting error state
[22:17:10:318] [19280:19281] [INFO][com.freerdp.core] - freerdp_tcp_connect:freerdp_set_last_error_ex resetting error state
[22:17:11:449] [19280:19281] [WARN][com.freerdp.core.rdp] - pduType PDU_TYPE_DATA not properly parsed, 164 bytes remaining unhandled. Skipping.
[22:17:11:449] [19280:19281] [INFO][com.freerdp.gdi] - Local framebuffer format  PIXEL_FORMAT_BGRA32
[22:17:11:449] [19280:19281] [INFO][com.freerdp.gdi] - Remote framebuffer format PIXEL_FORMAT_RGB16
[22:17:11:477] [19280:19281] [INFO][com.winpr.clipboard] - initialized POSIX local file subsystem
[22:17:11:478] [19280:19281] [INFO][com.freerdp.channels.rdpsnd.client] - [static] Loaded fake backend for rdpsnd
[22:17:12:855] [19280:19281] [WARN][com.freerdp.core.update] - [0x01] Cache Color Table - SERVER BUG: The support for this feature was not announced!
[22:17:14:825] [19280:19281] [INFO][com.freerdp.cache.pointer] - ------> Pointer PUT index : 0 <------
[22:17:15:807] [19280:19281] [INFO][com.freerdp.cache.pointer] - ------> Pointer PUT index : 1 <------
[22:17:15:807] [19280:19281] [INFO][com.freerdp.cache.pointer] - ------> Pointer PUT index : 2 <------
[22:17:15:821] [19280:19281] [INFO][com.freerdp.cache.pointer] - ------> Pointer GET index : 1 <------
[22:17:15:843] [19280:19281] [INFO][com.freerdp.cache.pointer] - ------> Pointer GET index : 2 <------
[22:17:15:853] [19280:19281] [INFO][com.freerdp.cache.pointer] - ------> Pointer PUT index : 3 <------
[22:17:15:866] [19280:19281] [INFO][com.freerdp.cache.pointer] - ------> Pointer GET index : 2 <------
[22:17:15:898] [19280:19281] [INFO][com.freerdp.cache.pointer] - ------> Pointer GET index : 1 <------
[22:17:15:033] [19280:19281] [INFO][com.freerdp.cache.pointer] - ------> Pointer GET index : 4 <------
[22:17:15:033] [19280:19281] [ERROR][com.freerdp.core.fastpath] - Fastpath update Cached Pointer [a] failed, status 0
[22:17:15:033] [19280:19281] [ERROR][com.freerdp.core.fastpath] - fastpath_recv_update() - -1
[22:17:15:033] [19280:19281] [ERROR][com.freerdp.core.fastpath] - fastpath_recv_update_data() fail
[22:17:15:033] [19280:19281] [ERROR][com.freerdp.core.transport] - transport_check_fds: transport->ReceiveCallback() - -3
[22:17:15:033] [19280:19281] [ERROR][com.freerdp.core] - freerdp_check_fds() failed - 0
[22:17:15:033] [19280:19281] [INFO][com.freerdp.client.common] - Network disconnect!
[22:17:15:033] [19280:19281] [ERROR][com.freerdp.client.x11] - Failed to check FreeRDP file descriptor

At 22:17:15:033, Redemption sends a Fast-Path Cached Pointer Update for cached index 4. But xfreerdp did not receive any previous Fast-Path Color/New Pointer Update for this index, which leads to an xfreerdp failure.

The issue has been reported in a FreeRDP pull request: FreeRDP/FreeRDP#6477, but maybe a patch on Redemption's side could fix it.

Thank you in advance for your help.
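
The failure described in this report, a Cached Pointer update for an index that no earlier Color/New Pointer update filled, can be found mechanically by replaying the pointer debug lines. The following Python is an added example, not code from FreeRDP or Redemption; the function name, the default cache size of 20 and the second sample log are assumptions made for illustration.

```python
"""Replay pointer-cache events from a FreeRDP debug log and flag invalid reads."""
import re
from typing import List, NamedTuple

# Matches the extra debug lines shown in the report, for example
# "[INFO][com.freerdp.cache.pointer] - ------> Pointer PUT index : 0 <------"
EVENT_RE = re.compile(r"Pointer (PUT|GET) index : (\d+)")


class Violation(NamedTuple):
    line_no: int  # 1-based line number inside the supplied log text
    op: str       # "PUT" or "GET"
    index: int    # cache index carried by the update
    reason: str


def audit_pointer_cache(log_text: str, cache_size: int = 20) -> List[Violation]:
    """Return every pointer-cache access that a client should reject.

    cache_size is an assumption for this example: the real limit is the
    value the client advertised in its Pointer Capability Set.
    """
    populated = set()
    violations = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        match = EVENT_RE.search(line)
        if not match:
            continue  # unrelated log line
        op, index = match.group(1), int(match.group(2))
        if index >= cache_size:
            # Never trust a peer-supplied index beyond the negotiated size.
            violations.append(
                Violation(line_no, op, index, "index outside negotiated cache"))
            continue
        if op == "PUT":
            populated.add(index)
        elif index not in populated:
            # The case from the report: a read of a slot nobody wrote.
            violations.append(
                Violation(line_no, op, index, "GET for a slot that was never filled"))
    return violations


# Pointer lines copied from the report above (timestamps and thread ids trimmed).
REPORT_LOG = """\
[INFO][com.freerdp.cache.pointer] - ------> Pointer PUT index : 0 <------
[INFO][com.freerdp.cache.pointer] - ------> Pointer PUT index : 1 <------
[INFO][com.freerdp.cache.pointer] - ------> Pointer PUT index : 2 <------
[INFO][com.freerdp.cache.pointer] - ------> Pointer GET index : 1 <------
[INFO][com.freerdp.cache.pointer] - ------> Pointer GET index : 2 <------
[INFO][com.freerdp.cache.pointer] - ------> Pointer PUT index : 3 <------
[INFO][com.freerdp.cache.pointer] - ------> Pointer GET index : 2 <------
[INFO][com.freerdp.cache.pointer] - ------> Pointer GET index : 1 <------
[INFO][com.freerdp.cache.pointer] - ------> Pointer GET index : 4 <------
[ERROR][com.freerdp.core.fastpath] - Fastpath update Cached Pointer [a] failed, status 0
"""

# Constructed sample (not from the report): indexes beyond the assumed cache size.
CONSTRUCTED_LOG = """\
[INFO][com.freerdp.cache.pointer] - ------> Pointer PUT index : 0 <------
[INFO][com.freerdp.cache.pointer] - ------> Pointer PUT index : 25 <------
[INFO][com.freerdp.cache.pointer] - ------> Pointer GET index : 25 <------
[INFO][com.freerdp.cache.pointer] - ------> Pointer GET index : 0 <------
"""

if __name__ == "__main__":
    for name, text in (("report", REPORT_LOG), ("constructed", CONSTRUCTED_LOG)):
        for v in audit_pointer_cache(text):
            print(f"{name}: line {v.line_no}: {v.op} index {v.index}: {v.reason}")
```

Run against the report's lines, the audit flags only the final GET of index 4, which is the update that precedes the fastpath error.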

Failed to compile redemption on debian 9

It seems to be an openssl library issue

...failed updating 40 targets...
...skipped 16 targets...
...updated 53 targets...

No libraries compiled and no binaries.

Is there a way to fix it?

/usr/include/openssl/ossl_typ.h:102:16: note: forward declaration of ‘HMAC_CTX {aka struct hmac_ctx_st}’
typedef struct hmac_ctx_st HMAC_CTX;
^~~~~~~~~~~
In file included from src/system/linux/system/ssl_sha1.hpp:29:0,
from src/utils/bitmap.hpp:35,
from src/utils/bitmap_from_file.hpp:32,
from src/mod/internal/test_card_mod.cpp:30:
src/system/linux/system/basic_hmac.hpp:73:14: error: field ‘hmac’ has incomplete type ‘HMAC_CTX {aka hmac_ctx_st}’
HMAC_CTX hmac;
^~~~
In file included from /usr/include/openssl/evp.h:14:0,
from /usr/include/openssl/hmac.h:15,
from include/openssl_crypto.hpp:37,
from src/system/linux/system/ssl_sha1.hpp:28,
from src/utils/bitmap.hpp:35,
from src/utils/bitmap_from_file.hpp:32,
from src/mod/internal/test_card_mod.cpp:30:
/usr/include/openssl/ossl_typ.h:102:16: note: forward declaration of ‘HMAC_CTX {aka struct hmac_ctx_st}’
typedef struct hmac_ctx_st HMAC_CTX;
^~~~~~~~~~~

"g++"  -ftemplate-depth-128 -O3 -finline-functions -Wno-inline -Wall -fPIC -Wall -Warray-bounds=2 -Wcast-align -Wcast-qual -Wconditionally-supported -Wdisabled-optimization -Wdouble-promotion -Wduplicated-cond -Wextra -Wfloat-conversion -Wfloat-equal -Wformat-security -Wformat-signedness -Wformat=2 -Wlogical-op -Wmissing-declarations -Wmissing-include-dirs -Wno-switch-enum -Wswitch -Wnoexcept -Wnon-virtual-dtor -Wnull-dereference -Wold-style-cast -Wopenmp-simd -Woverloaded-virtual -Wpacked -Wredundant-decls -Wsized-deallocation -Wstrict-null-sentinel -Wsuggest-attribute=noreturn -Wsuggest-override -Wtrampolines -Wundef -Wuninitialized -Wunused-macros -Wuseless-cast -Wvector-operation-performance -Wvla -Wzero-as-null-pointer-constant -fPIC -fsized-deallocation -pedantic -pedantic-errors -std=c++11 -DNDEBUG -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -D__STDC_FORMAT_MACROS  -I"include" -I"modules/includes" -I"modules/ppocr/includes/mln" -I"modules/ppocr/src" -I"projects/ocr1/include" -I"projects/redemption_configs/include/autogen" -I"projects/redemption_configs/redemption_src" -I"src" -I"src/system/linux" -c -o "bin/gcc-6.3.0/release/src/mod/internal/test_card_mod.o" "src/mod/internal/test_card_mod.cpp"

Audio in 2 ways and camera

MS standard RDP settings are a connection with remote sound, but without microphone.
Unfortunately, you get only one-way audio instead of two-way audio:
You cannot use a VOIP phone program or even Skype using headphone including a microphone.
You do not get an audio input device in the RDP session.

The corresponding parameter to change within a standard RDP file for MS RDP to get full "Two-Way-Audio" with Sound Output >AND< Sound Input (like Microphone) is:

audiocapturemode:i:1
(instead of standard audiocapturemode:i:0).

And optional with Video Transfer, there is one parameter more:
camerastoredirect:s:*

It would be nice to have „two way audio“ as default. Video would be nice.

Do you think it would be possible to allow this?
We invested some time to make VOIP audio working, but failed with sessions via Redemption.

Of course, there are some other but well known obstacles:

  • Microphone access must be allowed within Windows 10 since 1903
  • A Registry key must be changed from 1 to 0 for every Windows:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\ RegDWORD
fDisableAudioCapture = 0

Then you get „Remoteaudio“ for Audio Output as well as Audio Input in Windows.

Our wish is
audiocapturemode:i:1

Failed to compile redemption on Debian 9 step2

Hi, on Debian 9 I have these errors:

...failed gcc.compile.c++ bin/gcc-6.3.0/release/src/lib/do_recorder.cpp.lib.o...
...skipped <pbin/gcc-6.3.0/release>libredrec.so for lack of <pbin/gcc-6.3.0/release>src/lib/do_recorder.cpp.lib.o...
...failed updating 82 targets...
...skipped 3 targets...

Attached the full log of bjam
redemption.compile.txt

Monitor current sessions ?

Is it possible to have a tool that generates a table with

session_id, source_ipaddress, source_username, target_ip:target_port, time elapsed

With possibility to kill a session.

Compilation error with gcc-4.8 on ubuntu 14

Hello guys,

I'm trying to build master/the latest release and I'm getting the following compile-time errors:

g++-4.8: error: unrecognized command line option ‘-Wconditionally-supported’
g++-4.8: error: unrecognized command line option ‘-Wfloat-conversion’
g++-4.8: error: unrecognized command line option ‘-Wopenmp-simd’

Also, I tried the following things without success:

My question is which platform do you use for build? which compiler version? any special configuration?

Thx,
Speidy.

mp4 video quality

profile=baseline preset=ultrafast flags=+qscale b=30000

preset option

I found out these options : ultrafast, fast, slow

What are the other options?

Cannot change expired password

How do I change my expired password?

I have this error

Jul 17 16:08:15 RDP-Proxy rdpproxy: INFO (10987/10987) -- Credssp recvTSCredentials() ErrorCode = c0000224, Facility = 0, Code = 224
Jul 17 16:08:15 RDP-Proxy rdpproxy: ERR (10987/10987) -- DecryptMessage failure: SEC_E_INVALID_TOKEN
Jul 17 16:08:15 RDP-Proxy rdpproxy: ERR (10987/10987) -- Could not verify public key echo!
Jul 17 16:08:15 RDP-Proxy rdpproxy: INFO (10987/10987) -- NLA/CREDSSP Authentication Failed (2)
Jul 17 16:08:15 RDP-Proxy rdpproxy: INFO (10987/10987) -- RdpNego::fallback_to_tls
Jul 17 16:08:15 RDP-Proxy rdpproxy: INFO (10987/10987) -- Socket RDP Target (7) : closing connection
Jul 17 16:08:15 RDP-Proxy rdpproxy: INFO (10987/10987) -- connecting to 172.30.0.164:3389
Jul 17 16:08:15 RDP-Proxy rdpproxy: INFO (10987/10987) -- connection to 172.30.0.164:3389 (172.30.0.164) succeeded : socket 7
Jul 17 16:08:15 RDP-Proxy rdpproxy: INFO (10987/10987) -- Can't activate NLA
Jul 17 16:08:15 RDP-Proxy rdpproxy: INFO (10987/10987) -- falling back to SSL only
Jul 17 16:08:15 RDP-Proxy rdpproxy: INFO (10987/10987) -- RdpNego::NEGO_STATE_NLA
Jul 17 16:08:15 RDP-Proxy rdpproxy: INFO (10987/10987) -- NEG_RSP_TYPE=3 NEG_RSP_FLAGS=0 NEG_RSP_LENGTH=8 NEG_RSP_SELECTED_PROTOCOL=5
Jul 17 16:08:15 RDP-Proxy rdpproxy: INFO (10987/10987) -- HYBRID_REQUIRED_BY_SERVER
Jul 17 16:08:15 RDP-Proxy rdpproxy: INFO (10987/10987) -- Enable NLA is probably required
Jul 17 16:08:15 RDP-Proxy rdpproxy: INFO (10987/10987) -- Socket RDP Target (7) : closing connection
Jul 17 16:08:15 RDP-Proxy rdpproxy: INFO (10987/10987) -- throw error mod_rdp::fd event exception 23000: NLA Authentication Failed
Jul 17 16:08:15 RDP-Proxy rdpproxy: [rdpproxy] psid="159499489210987" user="xxx.xxx" type="TARGET_DISCONNECTION" reason="NLA Authentication Failed!"
Jul 17 16:08:15 RDP-Proxy rdpproxy: INFO (10987/10987) -- ++++++++++++++++++++ create_mod(MODULE_INTERNAL_CLOSE_BACK) +++++++++++++++++++++++
Jul 17 16:08:15 RDP-Proxy rdpproxy: INFO (10987/10987) -- ----------------------- create_close_mod_back_to_selector() -> ModPack -----------------
Jul 17 16:08:15 RDP-Proxy rdpproxy: INFO (10987/10987) -- WabCloseMod: Ending session in 600 seconds
Jul 17 16:08:15 RDP-Proxy rdpproxy: [RDP Session] session_id="" client_ip="10.0.8.2" target_ip="172.30.0.164" user="xxx.xxx" device="172.30.0.164" service="" account="xxx.xxx" type="SESSION_DISCONNECTION" duration="0:00:00"
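
For triage of logs like the one above, the CredSSP `ErrorCode` is an NTSTATUS value and can be decoded per session. The following is an added example, not part of the issue or of Redemption: it maps the code to its Microsoft-defined name, cross-checks the logged Facility and Code fields, and records whether the TLS fallback was refused. The sample lines are taken from the log quoted above; the category labels, the record fields and the rule that an audit line belongs to the most recently seen process id are assumptions of this sketch.

```python
import re

# NTSTATUS values (Microsoft-defined) with a triage category chosen for this example.
NTSTATUS = {
    0xC0000064: ("STATUS_NO_SUCH_USER", "bad_credentials"),
    0xC000006A: ("STATUS_WRONG_PASSWORD", "bad_credentials"),
    0xC000006D: ("STATUS_LOGON_FAILURE", "bad_credentials"),
    0xC000006F: ("STATUS_INVALID_LOGON_HOURS", "account_restricted"),
    0xC0000071: ("STATUS_PASSWORD_EXPIRED", "password_change_required"),
    0xC0000072: ("STATUS_ACCOUNT_DISABLED", "account_restricted"),
    0xC0000193: ("STATUS_ACCOUNT_EXPIRED", "account_restricted"),
    0xC0000224: ("STATUS_PASSWORD_MUST_CHANGE", "password_change_required"),
    0xC0000234: ("STATUS_ACCOUNT_LOCKED_OUT", "account_restricted"),
}

# Sample lines copied from the log quoted in the issue above.
SAMPLE_LOG = """\
Jul 17 16:08:15 RDP-Proxy rdpproxy: INFO (10987/10987) -- Credssp recvTSCredentials() ErrorCode = c0000224, Facility = 0, Code = 224
Jul 17 16:08:15 RDP-Proxy rdpproxy: INFO (10987/10987) -- NLA/CREDSSP Authentication Failed (2)
Jul 17 16:08:15 RDP-Proxy rdpproxy: INFO (10987/10987) -- RdpNego::fallback_to_tls
Jul 17 16:08:15 RDP-Proxy rdpproxy: INFO (10987/10987) -- connecting to 172.30.0.164:3389
Jul 17 16:08:15 RDP-Proxy rdpproxy: INFO (10987/10987) -- HYBRID_REQUIRED_BY_SERVER
Jul 17 16:08:15 RDP-Proxy rdpproxy: [rdpproxy] psid="159499489210987" user="xxx.xxx" type="TARGET_DISCONNECTION" reason="NLA Authentication Failed!"
"""

LINE_RE = re.compile(r"rdpproxy: (?P<level>[A-Z]+) \((?P<pid>\d+)/\d+\) -- (?P<msg>.*)$")
AUDIT_RE = re.compile(r"rdpproxy: \[[^\]]+\] (?P<kv>.*)$")
KV_RE = re.compile(r'(\w+)="([^"]*)"')
ERR_RE = re.compile(r"ErrorCode = ([0-9a-fA-F]{8}), Facility = ([0-9a-fA-F]+), Code = ([0-9a-fA-F]+)")


def new_record():
    return {"ntstatus": None, "status_name": None, "category": None, "consistent": None,
            "tls_fallback": False, "nla_required": False, "target": None,
            "user": None, "reason": None}


def triage(log_text):
    """Return {pid: record} summarising NLA/CredSSP failures found in rdpproxy syslog."""
    sessions = {}
    last_pid = None
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            last_pid = m["pid"]
            rec = sessions.setdefault(last_pid, new_record())
            msg = m["msg"]
            err = ERR_RE.search(msg)
            if err:
                value = int(err[1], 16)
                name, category = NTSTATUS.get(value, ("UNKNOWN", "unknown"))
                rec.update(ntstatus=value, status_name=name, category=category)
                # NTSTATUS layout: facility in bits 16-27, code in bits 0-15.
                rec["consistent"] = (((value >> 16) & 0xFFF) == int(err[2], 16)
                                     and (value & 0xFFFF) == int(err[3], 16))
            elif "RdpNego::fallback_to_tls" in msg:
                rec["tls_fallback"] = True
            elif "HYBRID_REQUIRED_BY_SERVER" in msg:
                rec["nla_required"] = True
            elif msg.startswith("connecting to "):
                rec["target"] = msg.split()[2]
            continue
        audit = AUDIT_RE.search(line)
        if audit and last_pid is not None:
            # Assumption: key="value" audit lines belong to the last pid seen.
            fields = dict(KV_RE.findall(audit["kv"]))
            rec = sessions[last_pid]
            rec["user"] = fields.get("user") or rec["user"]
            if fields.get("type") == "TARGET_DISCONNECTION":
                rec["reason"] = fields.get("reason")
    return sessions


if __name__ == "__main__":
    for pid, rec in triage(SAMPLE_LOG).items():
        print(pid, rec)
```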

Too large video mp4 size

When setting codec_id=mp4, recorded mp4 files are too large. It seems that Redemption does not compress mp4 files. How is it possible to set compression parameters, such as CRF, for mp4 recording?

100% CPU usage

Rdpproxy works great and with passthrough session manager does exactly what I need it to do.
However, once a single RDP session is established, rdpproxy process consumes 100% of available CPU (33% user 66% system).
Is that expected?

Session is a simple passthrough without any recording/capture.

If this is not expected, what are the steps to troubleshoot this?

No Capture 1

#png_path=
wrm_path=/var/rdpproxy/recorded

pds-rdc:/var/log # cat messages | grep apture

2016-12-20T17:03:32.294557+03:00 pds-rdc rdpproxy: INFO (16985/16985) -- Starting Capture
2016-12-20T17:03:32.294852+03:00 pds-rdc rdpproxy: INFO (16985/16985) -- No Capture 1

Help?

assert fails in debug build

```
rdpproxy: core/RDP/mcs.hpp:2007: void send_mcs_connect_response_pdu_with_gcc_conference_create_response(Transport*, ClientInfo*, const ChannelList&, uint8_t (&)[32], int, uint8_t (&)[512], uint8_t (&)[512]): Assertion `offset_len_mcs_connect_response - offset_len_mcs_data == 38' failed.
```

Do you get this too or you're using different compiler?

Patch is simple:

  • assert(offset_len_mcs_connect_response - offset_len_mcs_data == 38);
  • assert(offset_len_mcs_data - offset_len_mcs_connect_response == 38);
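
Review bot: the replacement assert still compares against a bare 38 and only swaps the operands of the subtraction, so nothing records which of offset_len_mcs_data and offset_len_mcs_connect_response is taken first or what the 38 bytes between them are; add a comment or a named constant that states this. If the two offsets are unsigned, the wrong operand order wraps to a very large value instead of -38, so it is worth confirming that operand order is the actual cause of the failure and not a change in the distance itself.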

Debian 9.9 build Fails

Trying to build redemption on Debian 9.9 but I'm getting the error below

src/transport/ws/ws_protocol.hpp:76:22: error: no member named 'boyer_moore_searcher' in namespace 'std'
std::boyer_moore_searcher(needle.begin(), needle.end()));
~~~~~^
1 error generated.

and

...failed updating 3 targets...
...skipped 2 targets...
...updated 206 targets...

Also, I cannot build packages either. Is there any known workaround?

can't find wrm file path

I can't find the wrm file path.
When I started the proxy and it succeeded, I could not find a wrm or mwrm file anywhere.
I have modified rdpproxy.ini.
This is video config:

[video]

# min = 0
#_advanced
capture_groupid = 33

# Specifies the type of data to be captured:
# min = 0, max = 5
#   0x00: none
#   0x01: png
#   0x02: wrm
#   0x04: video
#   0x08: ocr
# Note: values can be added (enable all: 0x01 + 0x02 + 0x04 + 0x08 = 0x0f)
#_advanced
#_hex
capture_flags = 2

# Frame interval.
# (is in 1/10 second)
#_advanced
png_interval = 10

# Frame interval.
# (is in 1/100 second)
#_advanced
frame_interval = 40

# Time between 2 wrm movies.
# (is in second)
#_advanced
break_interval = 600

# Number of png captures to keep.
# min = 0
#_advanced
png_limit = 5

# maxlen = 4096
#_advanced
replay_path = /tmp/

# maxlen = 4096
#_advanced
hash_path = /var/rdpproxy/hash

# maxlen = 4096
#_advanced
record_tmp_path = /var/rdpproxy/tmp

# maxlen = 4096
#_advanced
record_path = /var/rdpproxy/recorded/rdp

# Disable keyboard log:
# (Please see also "Keyboard input masking level" in "session_log" section of "Connection Policy".)
# min = 0, max = 4
#   0x0: none
#   0x1: disable keyboard log in syslog
#   0x2: disable keyboard log in recorded sessions
#   0x4: disable keyboard log in recorded meta
# Note: values can be added (disable all: 0x1 + 0x2 + 0x4 = 0x7)
#_hex
#disable_keyboard_log = 1

# Disable clipboard log:
# min = 0, max = 4
#   0x0: none
#   0x1: disable clipboard log in syslog
#   0x2: disable clipboard log in recorded sessions
#   0x4: disable clipboard log in recorded meta
# Note: values can be added (disable all: 0x1 + 0x2 + 0x4 = 0x7)
#_hex
#disable_clipboard_log = 1

# Disable (redirected) file system log:
# min = 0, max = 4
#   0x0: none
#   0x1: disable (redirected) file system log in syslog
#   0x2: disable (redirected) file system log in recorded sessions
#   0x4: disable (redirected) file system log in recorded meta
# Note: values can be added (disable all: 0x1 + 0x2 + 0x4 = 0x7)
#_hex
#disable_file_system_log = 1

# value: 0 or 1
#_hidden
rt_display = 1

# The method by which the proxy RDP establishes criteria on which to choose a color depth for native video capture:
# min = 0, max = 2
#   0: 24-bit
#   1: 16-bit
#_advanced
wrm_color_depth_selection_strategy = 1

# The compression method of native video capture:
# min = 0, max = 3
#   0: no compression
#   1: gzip
#   2: snappy
#_advanced
wrm_compression_algorithm = 0

# Needed to play a video with ffplay or VLC.
# Note: Useless with mpv and mplayer.
# value: 0 or 1
#_advanced
bogus_vlc_frame_rate = 0

#_advanced
codec_id = mp4

# min = 0
#_advanced
framerate = 5

# FFmpeg options for video codec.
#_advanced
ffmpeg_options = profile=baseline preset=ultrafast flags=+qscale b=30000

# value: 0 or 1
#_advanced
notimestamp = 0

# min = 0, max = 3
#   0: Disabled. When replaying the session video, the content of the RDP viewer matches the size of the client's desktop
#   1: When replaying the session video, the content of the RDP viewer is restricted to the greatest area covered by the application during session
#   2: When replaying the session video, the content of the RDP viewer is fully covered by the size of the greatest application window during session
#smart_video_cropping = 2

# Needed to play a video with corrupted Bitmap Update.
# Note: Useless with mpv and mplayer.
# value: 0 or 1
#_advanced
play_video_with_corrupted_bitmap = 1

This is log:

rdpproxy: INFO (5879/5879) -- Setting new session socket to 5
rdpproxy: INFO (5879/5879) -- Session::session_main_loop() starting
rdpproxy: INFO (5879/5879) -- Front::incoming: CONNECTION_INITIATION
rdpproxy: INFO (5879/5879) -- Front::incoming: receiving x224 request PDU (53)
rdpproxy: INFO (5879/5879) -- CR Recv: PROTOCOL TLS
rdpproxy: INFO (5879/5879) -- CR Recv: PROTOCOL HYBRID
rdpproxy: INFO (5879/5879) -- Front::incoming: sending x224 connection confirm PDU
rdpproxy: INFO (5879/5879) -- -----------------> Front::incoming: TLS Support Enabled nla=false
rdpproxy: INFO (5879/5879) -- Enable TLS
rdpproxy: INFO (5879/5879) -- CC Send: PROTOCOL TLS
rdpproxy: INFO (5879/5879) -- SocketTransport::enable_server_tls() start (RDP Client)
rdpproxy: INFO (5879/5879) -- Enable server TLS
rdpproxy: INFO (5879/5879) -- TLSContext::enable_server_tls() set SSL options
rdpproxy: INFO (5879/5879) -- TLSContext::X509_get_pubkey()
rdpproxy: INFO (5879/5879) -- TLSContext::i2d_PublicKey()
rdpproxy: INFO (5879/5879) -- TLSContext::i2d_PublicKey()
rdpproxy: INFO (5879/5879) -- Incoming connection to Bastion using TLS version TLSv1.2
rdpproxy: INFO (5879/5879) -- TLSContext::Negociated cipher used ECDHE-RSA-AES256-GCM-SHA384
rdpproxy: INFO (5879/5879) -- SocketTransport::enable_server_tls() done
rdpproxy: INFO (5879/5879) -- Front::incoming: Basic Settings Exchange
rdpproxy: INFO (5879/5879) -- GCC::UserData tag=c001 length=216
rdpproxy: INFO (5879/5879) -- Front::incoming: Received from Client GCC User Data CS_CORE (216 bytes)
rdpproxy: INFO (5879/5879) -- cs_core::length [00d8]
rdpproxy: INFO (5879/5879) -- cs_core::version [80004] RDP 5.0, 5.1, 5.2, and 6.0 clients)
rdpproxy: INFO (5879/5879) -- cs_core::desktopWidth  = 1024
rdpproxy: INFO (5879/5879) -- cs_core::desktopHeight = 768
rdpproxy: INFO (5879/5879) -- cs_core::colorDepth    = [ca01] [RNS_UD_COLOR_8BPP] superseded by postBeta2ColorDepth
rdpproxy: INFO (5879/5879) -- cs_core::SASSequence   = [aa03] [RNS_UD_SAS_DEL]
rdpproxy: INFO (5879/5879) -- cs_core::keyboardLayout= e0010404
rdpproxy: INFO (5879/5879) -- cs_core::clientBuild   = 2600
rdpproxy: INFO (5879/5879) -- cs_core::clientName    = ruur
rdpproxy: INFO (5879/5879) -- cs_core::keyboardType  = [0004] IBM enhanced (101-key or 102-key) keyboard
rdpproxy: INFO (5879/5879) -- cs_core::keyboardSubType      = [0000] OEM code
rdpproxy: INFO (5879/5879) -- cs_core::keyboardFunctionKey  = 12 function keys
rdpproxy: INFO (5879/5879) -- cs_core::imeFileName    = 
rdpproxy: INFO (5879/5879) -- cs_core::postBeta2ColorDepth  = [ca01] [8 bpp]
rdpproxy: INFO (5879/5879) -- cs_core::clientProductId = 1
rdpproxy: INFO (5879/5879) -- cs_core::serialNumber = 0
rdpproxy: INFO (5879/5879) -- cs_core::highColorDepth  = [0010] [16-bit 565 RGB mask]
rdpproxy: INFO (5879/5879) -- cs_core::supportedColorDepths  = [0007] [24/16/15/]
rdpproxy: INFO (5879/5879) -- cs_core::earlyCapabilityFlags  = [0001]
rdpproxy: INFO (5879/5879) -- cs_core::earlyCapabilityFlags:RNS_UD_CS_SUPPORT_ERRINFO_PDU
rdpproxy: INFO (5879/5879) -- cs_core::clientDigProductId=[00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000]
rdpproxy: INFO (5879/5879) -- cs_core::connectionType = <unknown>
rdpproxy: INFO (5879/5879) -- cs_core::pad1octet = 0
rdpproxy: INFO (5879/5879) -- cs_core::serverSelectedProtocol = 1
rdpproxy: INFO (5879/5879) -- Client Color Depth is 16
rdpproxy: INFO (5879/5879) -- GCC::UserData tag=c004 length=12
rdpproxy: INFO (5879/5879) -- Front::incoming: Receiving from Client GCC User Data CS_CLUSTER (12 bytes)
rdpproxy: INFO (5879/5879) -- cs_cluster::flags [000d]
rdpproxy: INFO (5879/5879) -- cs_cluster::flags::REDIRECTION_SUPPORTED
rdpproxy: INFO (5879/5879) -- cs_cluster::flags::redirectionVersion = 4
rdpproxy: INFO (5879/5879) -- GCC::UserData tag=c002 length=12
rdpproxy: INFO (5879/5879) -- Front::incoming: Received from Client GCC User Data CS_SECURITY (12 bytes)
rdpproxy: INFO (5879/5879) -- CSSecGccUserData::encryptionMethods 0
rdpproxy: INFO (5879/5879) -- CSSecGccUserData::extEncryptionMethods 0
rdpproxy: INFO (5879/5879) -- Front::incoming: Sending to client GCC User Data SC_CORE (12 bytes)
rdpproxy: INFO (5879/5879) -- sc_core::version [80004] RDP 5.0, 5.1, 5.2, 6.0, 6.1, 7.0, 7.1 and 8.0 servers)
rdpproxy: INFO (5879/5879) -- sc_core::clientRequestedProtocols  = 3
rdpproxy: INFO (5879/5879) -- Front::incoming: Sending to client GCC User Data SC_NET (8 bytes)
rdpproxy: INFO (5879/5879) -- sc_net::MCSChannelId   = 1003
rdpproxy: INFO (5879/5879) -- sc_net::channelCount   = 0
rdpproxy: INFO (5879/5879) -- Front::incoming: Sending to client GCC User Data SC_SECURITY (12 bytes)
rdpproxy: INFO (5879/5879) -- sc_security::encryptionMethod = 0
rdpproxy: INFO (5879/5879) -- sc_security::encryptionLevel  = 0
rdpproxy: INFO (5879/5879) -- Front::incoming: Recv MCS::ErectDomainRequest
rdpproxy: INFO (5879/5879) -- Front::incoming: Recv MCS::AttachUserRequest
rdpproxy: INFO (5879/5879) -- Front::incoming: Send MCS::AttachUserConfirm userid=32
rdpproxy: INFO (5879/5879) -- Front::incoming: Secure Settings Exchange
rdpproxy: INFO (5879/5879) -- RDP-5 Style logon
rdpproxy: INFO (5879/5879) -- Receiving from client InfoPacket
rdpproxy: INFO (5879/5879) -- InfoPacket::CodePage 0
rdpproxy: INFO (5879/5879) -- InfoPacket::flags 0x9017b
rdpproxy: INFO (5879/5879) -- InfoPacket::flags:INFO_MOUSE yes
rdpproxy: INFO (5879/5879) -- InfoPacket::flags:INFO_DISABLECTRLALTDEL yes
rdpproxy: INFO (5879/5879) -- InfoPacket::flags:INFO_AUTOLOGON yes
rdpproxy: INFO (5879/5879) -- InfoPacket::flags:INFO_UNICODE yes
rdpproxy: INFO (5879/5879) -- InfoPacket::flags:INFO_MAXIMIZESHELL  yes
rdpproxy: INFO (5879/5879) -- InfoPacket::flags:INFO_LOGONNOTIFY yes
rdpproxy: INFO (5879/5879) -- InfoPacket::flags:INFO_COMPRESSION no
rdpproxy: INFO (5879/5879) -- InfoPacket::flags:CompressionTypeMask no
rdpproxy: INFO (5879/5879) -- InfoPacket::flags:INFO_ENABLEWINDOWSKEY  yes
rdpproxy: INFO (5879/5879) -- InfoPacket::flags:INFO_REMOTECONSOLEAUDIO no
rdpproxy: INFO (5879/5879) -- InfoPacket::flags:INFO_FORCE_ENCRYPTED_CS_PDU no
rdpproxy: INFO (5879/5879) -- InfoPacket::flags:INFO_RAIL no
rdpproxy: INFO (5879/5879) -- InfoPacket::flags:INFO_LOGONERRORS yes
rdpproxy: INFO (5879/5879) -- InfoPacket::flags:INFO_MOUSE_HAS_WHEEL no
rdpproxy: INFO (5879/5879) -- InfoPacket::flags:INFO_PASSWORD_IS_SC_PIN no
rdpproxy: INFO (5879/5879) -- InfoPacket::flags:INFO_NOAUDIOPLAYBACK yes
rdpproxy: INFO (5879/5879) -- InfoPacket::flags:INFO_USING_SAVED_CREDS no
rdpproxy: INFO (5879/5879) -- InfoPacket::flags:INFO_AUDIOCAPTURE no
rdpproxy: INFO (5879/5879) -- InfoPacket::flags:INFO_VIDEO_DISABLE no
rdpproxy: INFO (5879/5879) -- InfoPacket::flags:INFO_HIDEF_RAIL_SUPPORTED no
rdpproxy: INFO (5879/5879) -- InfoPacket::cbDomain 0
rdpproxy: INFO (5879/5879) -- InfoPacket::cbUserName 15
rdpproxy: INFO (5879/5879) -- InfoPacket::cbPassword 6
rdpproxy: INFO (5879/5879) -- InfoPacket::cbAlternateShell 0
rdpproxy: INFO (5879/5879) -- InfoPacket::cbWorkingDir 0
rdpproxy: INFO (5879/5879) -- InfoPacket::Domain 
rdpproxy: INFO (5879/5879) -- InfoPacket::UserName [email protected]
rdpproxy: INFO (5879/5879) -- InfoPacket::Password <hidden>
rdpproxy: INFO (5879/5879) -- InfoPacket::AlternateShell 
rdpproxy: INFO (5879/5879) -- InfoPacket::WorkingDir 
rdpproxy: INFO (5879/5879) -- InfoPacket::ExtendedInfoPacket::clientAddressFamily 2
rdpproxy: INFO (5879/5879) -- InfoPacket::ExtendedInfoPacket::cbClientAddress 10
rdpproxy: INFO (5879/5879) -- InfoPacket::ExtendedInfoPacket::clientAddress 127.0.0.1
rdpproxy: INFO (5879/5879) -- InfoPacket::ExtendedInfoPacket::cbClientDir 32
rdpproxy: INFO (5879/5879) -- InfoPacket::ExtendedInfoPacket::clientDir C:\Windows\System32\mstscax.dll
rdpproxy: INFO (5879/5879) -- InfoPacket::ExtendedInfoPacket::clientSessionId 0
rdpproxy: INFO (5879/5879) -- InfoPacket::ExtendedInfoPacket::performanceFlags 0x0
rdpproxy: INFO (5879/5879) -- InfoPacket::ExtendedInfoPacket::cbAutoReconnectLen 0
rdpproxy: INFO (5879/5879) -- InfoPacket::ExtendedInfoPacket::reserved1 0
rdpproxy: INFO (5879/5879) -- InfoPacket::ExtendedInfoPacket::reserved2 0
rdpproxy: INFO (5879/5879) -- InfoPacket::ExtendedInfoPacket::ClientTimeZone::Bias 4294966816
rdpproxy: INFO (5879/5879) -- InfoPacket::ExtendedInfoPacket::ClientTimeZone::StandardName Pacific Standard Time
rdpproxy: INFO (5879/5879) -- InfoPacket::ExtendedInfoPacket::ClientTimeZone::StandardDate.wYear 0
rdpproxy: INFO (5879/5879) -- InfoPacket::ExtendedInfoPacket::ClientTimeZone::StandardDate.wMonth 11
rdpproxy: INFO (5879/5879) -- InfoPacket::ExtendedInfoPacket::ClientTimeZone::StandardDate.wDayOfWeek 0
rdpproxy: INFO (5879/5879) -- InfoPacket::ExtendedInfoPacket::ClientTimeZone::StandardDate.wDay 1
rdpproxy: INFO (5879/5879) -- InfoPacket::ExtendedInfoPacket::ClientTimeZone::StandardDate.wHour 2
rdpproxy: INFO (5879/5879) -- InfoPacket::ExtendedInfoPacket::ClientTimeZone::StandardDate.wMinute 0
rdpproxy: INFO (5879/5879) -- InfoPacket::ExtendedInfoPacket::ClientTimeZone::StandardDate.wSecond 0
rdpproxy: INFO (5879/5879) -- InfoPacket::ExtendedInfoPacket::ClientTimeZone::StandardDate.wMilliseconds 0
rdpproxy: INFO (5879/5879) -- InfoPacket::ExtendedInfoPacket::ClientTimeZone::StandardBias 0
rdpproxy: INFO (5879/5879) -- InfoPacket::ExtendedInfoPacket::ClientTimeZone::DaylightName Pacific Daylight Time
rdpproxy: INFO (5879/5879) -- InfoPacket::ExtendedInfoPacket::ClientTimeZone::DaylightDate.wYear 0
rdpproxy: INFO (5879/5879) -- InfoPacket::ExtendedInfoPacket::ClientTimeZone::DaylightDate.wMonth 3
rdpproxy: INFO (5879/5879) -- InfoPacket::ExtendedInfoPacket::ClientTimeZone::DaylightDate.wDayOfWeek 0
rdpproxy: INFO (5879/5879) -- InfoPacket::ExtendedInfoPacket::ClientTimeZone::DaylightDate.wDay 1
rdpproxy: INFO (5879/5879) -- InfoPacket::ExtendedInfoPacket::ClientTimeZone::DaylightDate.wHour 2
rdpproxy: INFO (5879/5879) -- InfoPacket::ExtendedInfoPacket::ClientTimeZone::DaylightDate.wMinute 0
rdpproxy: INFO (5879/5879) -- InfoPacket::ExtendedInfoPacket::ClientTimeZone::DaylightDate.wSecond 0
rdpproxy: INFO (5879/5879) -- InfoPacket::ExtendedInfoPacket::ClientTimeZone::DaylightDate.wMilliseconds 0
rdpproxy: INFO (5879/5879) -- InfoPacket::ExtendedInfoPacket::ClientTimeZone::DaylightBias 4294967236
rdpproxy: INFO (5879/5879) -- client info: performance flags before=0x00000000 after=0x000000A8 default=0x00000080 present=0x00000028 not-present=0x00000000
rdpproxy: INFO (5879/5879) -- Unknown keyboard layout #0xe0010404. Reverting to default (English - United States)
rdpproxy: INFO (5879/5879) -- Front::incoming: Keyboard Layout = 0xe0010404
rdpproxy: INFO (5879/5879) -- Front::incoming: ACTIVATED (new license request)
rdpproxy: INFO (5879/5879) -- Front::incoming: send_demand_active
rdpproxy: INFO (5879/5879) -- Front::send_demand_active
rdpproxy: INFO (5879/5879) -- Front::send_demand_active: Sending to client General caps (24 bytes)
rdpproxy: INFO (5879/5879) --      General caps::major 1
rdpproxy: INFO (5879/5879) --      General caps::minor 3
rdpproxy: INFO (5879/5879) --      General caps::protocol 512
rdpproxy: INFO (5879/5879) --      General caps::pad2octetA 0
rdpproxy: INFO (5879/5879) --      General caps::compression type 0
rdpproxy: INFO (5879/5879) --      General caps::extra flags 1
rdpproxy: INFO (5879/5879) --      General caps::extraflags:FASTPATH_OUTPUT_SUPPORTED yes
rdpproxy: INFO (5879/5879) --      General caps::extraflags:LONG_CREDENTIALS_SUPPORTED no
rdpproxy: INFO (5879/5879) --      General caps::extraflags:AUTORECONNECT_SUPPORTED no
rdpproxy: INFO (5879/5879) --      General caps::extraflags:ENC_SALTED_CHECKSUM no
rdpproxy: INFO (5879/5879) --      General caps::extraflags:NO_BITMAP_COMPRESSION_HDR no
rdpproxy: INFO (5879/5879) --      General caps::updateCapability 0
rdpproxy: INFO (5879/5879) --      General caps::remoteUnshare 0
rdpproxy: INFO (5879/5879) --      General caps::compressionLevel 0
rdpproxy: INFO (5879/5879) --      General caps::refreshRectSupport 0
rdpproxy: INFO (5879/5879) --      General caps::suppressOutputSupport 0
rdpproxy: INFO (5879/5879) -- Front::send_demand_active: Sending to client Bitmap caps (28 bytes)
rdpproxy: INFO (5879/5879) --      Bitmap caps::preferredBitsPerPixel 16
rdpproxy: INFO (5879/5879) --      Bitmap caps::receive1BitPerPixel 1
rdpproxy: INFO (5879/5879) --      Bitmap caps::receive4BitsPerPixel 1
rdpproxy: INFO (5879/5879) --      Bitmap caps::receive8BitsPerPixel 1
rdpproxy: INFO (5879/5879) --      Bitmap caps::desktopWidth 1024
rdpproxy: INFO (5879/5879) --      Bitmap caps::desktopHeight 768
rdpproxy: INFO (5879/5879) --      Bitmap caps::pad2octets 0
rdpproxy: INFO (5879/5879) --      Bitmap caps::desktopResizeFlag 1 (yes)
rdpproxy: INFO (5879/5879) --      Bitmap caps::bitmapCompressionFlag 1 yes
rdpproxy: INFO (5879/5879) --      Bitmap caps::highColorFlags 0
rdpproxy: INFO (5879/5879) --      Bitmap caps::drawingFlags 8
rdpproxy: INFO (5879/5879) --      Bitmap caps::drawingFlags:DRAW_ALLOW_DYNAMIC_COLOR_FIDELITY no
rdpproxy: INFO (5879/5879) --      Bitmap caps::drawingFlags:DRAW_ALLOW_COLOR_SUBSAMPLING no
rdpproxy: INFO (5879/5879) --      Bitmap caps::drawingFlags:DRAW_ALLOW_SKIP_ALPHA yes
rdpproxy: INFO (5879/5879) --      Bitmap caps::multipleRectangleSupport 1
rdpproxy: INFO (5879/5879) --      Bitmap caps::pad2octetsB 0
rdpproxy: INFO (5879/5879) -- Front::send_demand_active: Sending to client Font caps (8 bytes)
rdpproxy: INFO (5879/5879) --      Font caps::fontSupportFlags 1
rdpproxy: INFO (5879/5879) --      Font caps::pad2octets 0
rdpproxy: INFO (5879/5879) -- Front::send_demand_active: Sending to client Order caps (88 bytes)
rdpproxy: INFO (5879/5879) --      Order caps::terminalDescriptor 0
rdpproxy: INFO (5879/5879) --      Order caps::pad4octetsA 1078071040
rdpproxy: INFO (5879/5879) --      Order caps::desktopSaveXGranularity 1
rdpproxy: INFO (5879/5879) --      Order caps::desktopSaveYGranularity 20
rdpproxy: INFO (5879/5879) --      Order caps::pad2octetsA 0
rdpproxy: INFO (5879/5879) --      Order caps::maximumOrderLevel 1
rdpproxy: INFO (5879/5879) --      Order caps::numberFonts 47
rdpproxy: INFO (5879/5879) --      Order caps::orderFlags 0x22
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[DSTBLT] 1
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[PATBLT] 1
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[SCRBLT] 1
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[MEMBLT] 1
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[MEM3BLT] 1
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[ATEXTOUT] 0
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[AEXTTEXTOUT] 0
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[DRAWNINEGRID] 0
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[LINETO] 1
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[MULTI_DRAWNINEGRID] 1
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[OPAQUERECT] 1
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[SAVEBITMAP] 0
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[WTEXTOUT] 0
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[MEMBLT_V2] 0
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[MEM3BLT_V2] 0
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[MULTIDSTBLT] 0
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[MULTIPATBLT] 0
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[MULTISCRBLT] 0
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[MULTIOPAQUERECT] 0
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[FAST_INDEX] 0
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[POLYGON_SC] 0
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[POLYGON_CB] 0
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[POLYLINE] 1
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[UnusedIndex7] 0
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[FAST_GLYPH] 0
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[ELLIPSE_SC] 1
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[ELLIPSE_CB] 0
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[GLYPH] 1
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[GLYPH_WEXTTEXTOUT] 0
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[GLYPH_WLONGTEXTOUT] 0
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[GLYPH_WLONGEXTTEXTOUT] 0
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[UnusedIndex11] 0
rdpproxy: INFO (5879/5879) --      Order caps::textFlags 1697
rdpproxy: INFO (5879/5879) --      Order caps::orderSupportExFlags 0x0
rdpproxy: INFO (5879/5879) --      Order caps::pad4octetsB 1000000
rdpproxy: INFO (5879/5879) --      Order caps::desktopSaveSize 1000000
rdpproxy: INFO (5879/5879) --      Order caps::pad2octetsC 1
rdpproxy: INFO (5879/5879) --      Order caps::pad2octetsD 0
rdpproxy: INFO (5879/5879) --      Order caps::textANSICodePage 0
rdpproxy: INFO (5879/5879) --      Order caps::pad2octetsE 0
rdpproxy: INFO (5879/5879) -- Front::send_demand_active: Sending to client Pointer caps (10 bytes)
rdpproxy: INFO (5879/5879) --      Pointer caps::colorPointerFlag 1
rdpproxy: INFO (5879/5879) --      Pointer caps::colorPointerCacheSize 25
rdpproxy: INFO (5879/5879) --      Pointer caps::pointerCacheSize 25
rdpproxy: INFO (5879/5879) -- Front::send_demand_active: Sending to client Input caps (88 bytes)
rdpproxy: INFO (5879/5879) --      Input caps::inputFlags 0x39
rdpproxy: INFO (5879/5879) --      Input caps::pad2octetsA 0
rdpproxy: INFO (5879/5879) --      Input caps::keyboardLayout 0
rdpproxy: INFO (5879/5879) --      Input caps::keyboardType 0
rdpproxy: INFO (5879/5879) --      Input caps::keyboardSubType 0
rdpproxy: INFO (5879/5879) --      Input caps::keyboardFunctionKey 0
rdpproxy: INFO (5879/5879) --      Input caps::imeFileName 
rdpproxy: INFO (5879/5879) -- Front::send_demand_active: Sending to client VirtualChannel caps (12 bytes)
rdpproxy: INFO (5879/5879) --      VirtualChannel caps::flags 0
rdpproxy: INFO (5879/5879) --      VirtualChannel caps::VCChunkSize 1600
rdpproxy: INFO (5879/5879) -- Front::send_demand_active: Sending to client BitmapCacheHostSupport caps (8 bytes)
rdpproxy: INFO (5879/5879) --      BitmapCacheHostSupportCaps::1
rdpproxy: INFO (5879/5879) -- Front::send_demand_active: Sending to client Share caps (8 bytes)
rdpproxy: INFO (5879/5879) --      Share caps::nodeId 1033
rdpproxy: INFO (5879/5879) --      Share caps::pad2octets 46562
rdpproxy: INFO (5879/5879) -- Front::send_demand_active: Sending to client ColorCache caps (8 bytes)
rdpproxy: INFO (5879/5879) --      ColorCache caps::colorTableCacheSize 6
rdpproxy: INFO (5879/5879) --      ColorCache caps::pad2octets 0
rdpproxy: INFO (5879/5879) -- Front::send_demand_active: Sending to client LargePointer caps (6 bytes)
rdpproxy: INFO (5879/5879) --      LargePointer caps::largePointerSupportFlags 1
rdpproxy: INFO (5879/5879) -- Front::send_demand_active: Sending to client MultifragmentUpdate caps (8 bytes)
rdpproxy: INFO (5879/5879) --      MultifragmentUpdate caps::MaxRequestSize 0
rdpproxy: INFO (5879/5879) -- Front::send_demand_active: done
rdpproxy: INFO (5879/5879) -- Front::incoming: ACTIVATE_AND_PROCESS_DATA
rdpproxy: INFO (5879/5879) -- Front::incoming: Received CONFIRMACTIVEPDU
rdpproxy: INFO (5879/5879) -- Front::process_confirm_active
rdpproxy: INFO (5879/5879) -- Front::process_confirm_active: lengthSourceDescriptor = 8
rdpproxy: INFO (5879/5879) -- Front::process_confirm_active: lengthCombinedCapabilities = 436
rdpproxy: INFO (5879/5879) -- Front::process_confirm_active: Receiving from client General caps (24 bytes)
rdpproxy: INFO (5879/5879) --      General caps::major 4
rdpproxy: INFO (5879/5879) --      General caps::minor 7
rdpproxy: INFO (5879/5879) --      General caps::protocol 512
rdpproxy: INFO (5879/5879) --      General caps::pad2octetA 0
rdpproxy: INFO (5879/5879) --      General caps::compression type 0
rdpproxy: INFO (5879/5879) --      General caps::extra flags 41d
rdpproxy: INFO (5879/5879) --      General caps::extraflags:FASTPATH_OUTPUT_SUPPORTED yes
rdpproxy: INFO (5879/5879) --      General caps::extraflags:LONG_CREDENTIALS_SUPPORTED yes
rdpproxy: INFO (5879/5879) --      General caps::extraflags:AUTORECONNECT_SUPPORTED yes
rdpproxy: INFO (5879/5879) --      General caps::extraflags:ENC_SALTED_CHECKSUM yes
rdpproxy: INFO (5879/5879) --      General caps::extraflags:NO_BITMAP_COMPRESSION_HDR yes
rdpproxy: INFO (5879/5879) --      General caps::updateCapability 0
rdpproxy: INFO (5879/5879) --      General caps::remoteUnshare 0
rdpproxy: INFO (5879/5879) --      General caps::compressionLevel 0
rdpproxy: INFO (5879/5879) --      General caps::refreshRectSupport 0
rdpproxy: INFO (5879/5879) --      General caps::suppressOutputSupport 0
rdpproxy: INFO (5879/5879) -- Front::process_confirm_active: Receiving from client Bitmap caps (28 bytes)
rdpproxy: INFO (5879/5879) --      Bitmap caps::preferredBitsPerPixel 16
rdpproxy: INFO (5879/5879) --      Bitmap caps::receive1BitPerPixel 1
rdpproxy: INFO (5879/5879) --      Bitmap caps::receive4BitsPerPixel 1
rdpproxy: INFO (5879/5879) --      Bitmap caps::receive8BitsPerPixel 1
rdpproxy: INFO (5879/5879) --      Bitmap caps::desktopWidth 1024
rdpproxy: INFO (5879/5879) --      Bitmap caps::desktopHeight 768
rdpproxy: INFO (5879/5879) --      Bitmap caps::pad2octets 0
rdpproxy: INFO (5879/5879) --      Bitmap caps::desktopResizeFlag 1 (yes)
rdpproxy: INFO (5879/5879) --      Bitmap caps::bitmapCompressionFlag 1 yes
rdpproxy: INFO (5879/5879) --      Bitmap caps::highColorFlags 0
rdpproxy: INFO (5879/5879) --      Bitmap caps::drawingFlags 12
rdpproxy: INFO (5879/5879) --      Bitmap caps::drawingFlags:DRAW_ALLOW_DYNAMIC_COLOR_FIDELITY no
rdpproxy: INFO (5879/5879) --      Bitmap caps::drawingFlags:DRAW_ALLOW_COLOR_SUBSAMPLING yes
rdpproxy: INFO (5879/5879) --      Bitmap caps::drawingFlags:DRAW_ALLOW_SKIP_ALPHA yes
rdpproxy: INFO (5879/5879) --      Bitmap caps::multipleRectangleSupport 1
rdpproxy: INFO (5879/5879) --      Bitmap caps::pad2octetsB 0
rdpproxy: INFO (5879/5879) -- Front::process_confirm_active: Receiving from client Order caps (88 bytes)
rdpproxy: INFO (5879/5879) --      Order caps::terminalDescriptor 0
rdpproxy: INFO (5879/5879) --      Order caps::pad4octetsA 0
rdpproxy: INFO (5879/5879) --      Order caps::desktopSaveXGranularity 1
rdpproxy: INFO (5879/5879) --      Order caps::desktopSaveYGranularity 20
rdpproxy: INFO (5879/5879) --      Order caps::pad2octetsA 0
rdpproxy: INFO (5879/5879) --      Order caps::maximumOrderLevel 1
rdpproxy: INFO (5879/5879) --      Order caps::numberFonts 0
rdpproxy: INFO (5879/5879) --      Order caps::orderFlags 0x2A
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[DSTBLT] 1
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[PATBLT] 1
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[SCRBLT] 1
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[MEMBLT] 1
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[MEM3BLT] 0
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[ATEXTOUT] 0
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[AEXTTEXTOUT] 0
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[DRAWNINEGRID] 0
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[LINETO] 1
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[MULTI_DRAWNINEGRID] 0
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[OPAQUERECT] 1
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[SAVEBITMAP] 0
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[WTEXTOUT] 0
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[MEMBLT_V2] 0
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[MEM3BLT_V2] 0
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[MULTIDSTBLT] 0
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[MULTIPATBLT] 0
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[MULTISCRBLT] 0
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[MULTIOPAQUERECT] 0
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[FAST_INDEX] 0
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[POLYGON_SC] 0
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[POLYGON_CB] 0
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[POLYLINE] 1
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[UnusedIndex7] 0
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[FAST_GLYPH] 0
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[ELLIPSE_SC] 0
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[ELLIPSE_CB] 0
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[GLYPH] 1
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[GLYPH_WEXTTEXTOUT] 0
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[GLYPH_WLONGTEXTOUT] 0
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[GLYPH_WLONGEXTTEXTOUT] 0
rdpproxy: INFO (5879/5879) --      Order caps::orderSupport[UnusedIndex11] 0
rdpproxy: INFO (5879/5879) --      Order caps::textFlags 0
rdpproxy: INFO (5879/5879) --      Order caps::orderSupportExFlags 0x0
rdpproxy: INFO (5879/5879) --      Order caps::pad4octetsB 0
rdpproxy: INFO (5879/5879) --      Order caps::desktopSaveSize 230400
rdpproxy: INFO (5879/5879) --      Order caps::pad2octetsC 0
rdpproxy: INFO (5879/5879) --      Order caps::pad2octetsD 0
rdpproxy: INFO (5879/5879) --      Order caps::textANSICodePage 0
rdpproxy: INFO (5879/5879) --      Order caps::pad2octetsE 0
rdpproxy: INFO (5879/5879) -- RDP PrimaryDrawingOrders=""
rdpproxy: INFO (5879/5879) -- Front::process_confirm_active: Receiving from client BitmapCache2 caps (40 bytes)
rdpproxy: INFO (5879/5879) --      BitmapCache2 caps::cacheFlags 3
rdpproxy: INFO (5879/5879) --      BitmapCache2 caps::pad1 0
rdpproxy: INFO (5879/5879) --      BitmapCache2 caps::numCellCache 5
rdpproxy: INFO (5879/5879) --      BitmapCache2 caps::bitampCache0CellInfo NumEntries=600 persistent=no
rdpproxy: INFO (5879/5879) --      BitmapCache2 caps::bitampCache1CellInfo NumEntries=600 persistent=no
rdpproxy: INFO (5879/5879) --      BitmapCache2 caps::bitampCache2CellInfo NumEntries=2048 persistent=no
rdpproxy: INFO (5879/5879) --      BitmapCache2 caps::bitampCache3CellInfo NumEntries=4096 persistent=no
rdpproxy: INFO (5879/5879) --      BitmapCache2 caps::bitampCache4CellInfo NumEntries=2048 persistent=no
rdpproxy: INFO (5879/5879) -- Front::process_confirm_active: Receiving from client Pointer caps (10 bytes)
rdpproxy: INFO (5879/5879) --      Pointer caps::colorPointerFlag 1
rdpproxy: INFO (5879/5879) --      Pointer caps::colorPointerCacheSize 20
rdpproxy: INFO (5879/5879) --      Pointer caps::pointerCacheSize 20
rdpproxy: INFO (5879/5879) -- Front::process_confirm_active: Receiving from client CAPSTYPE_INPUT
rdpproxy: INFO (5879/5879) -- Front::process_confirm_active: Receiving from client CAPSTYPE_BRUSH
rdpproxy: INFO (5879/5879) -- Front::process_confirm_active: Receiving from client BrushCache caps (8 bytes)
rdpproxy: INFO (5879/5879) --      BrushCacheCaps caps::brushSupportLevel 2
rdpproxy: INFO (5879/5879) -- Front::process_confirm_active: Receiving from client CAPSTYPE_GLYPHCACHE
rdpproxy: INFO (5879/5879) -- Front::process_confirm_active: Receiving from client GlyphCache caps (52 bytes)
rdpproxy: INFO (5879/5879) --      GlyphCache caps::GlyphCache[0].CacheEntries=254
rdpproxy: INFO (5879/5879) --      GlyphCache caps::GlyphCache[0].CacheMaximumCellSize=4
rdpproxy: INFO (5879/5879) --      GlyphCache caps::GlyphCache[1].CacheEntries=254
rdpproxy: INFO (5879/5879) --      GlyphCache caps::GlyphCache[1].CacheMaximumCellSize=4
rdpproxy: INFO (5879/5879) --      GlyphCache caps::GlyphCache[2].CacheEntries=254
rdpproxy: INFO (5879/5879) --      GlyphCache caps::GlyphCache[2].CacheMaximumCellSize=8
rdpproxy: INFO (5879/5879) --      GlyphCache caps::GlyphCache[3].CacheEntries=254
rdpproxy: INFO (5879/5879) --      GlyphCache caps::GlyphCache[3].CacheMaximumCellSize=8
rdpproxy: INFO (5879/5879) --      GlyphCache caps::GlyphCache[4].CacheEntries=254
rdpproxy: INFO (5879/5879) --      GlyphCache caps::GlyphCache[4].CacheMaximumCellSize=16
rdpproxy: INFO (5879/5879) --      GlyphCache caps::GlyphCache[5].CacheEntries=254
rdpproxy: INFO (5879/5879) --      GlyphCache caps::GlyphCache[5].CacheMaximumCellSize=32
rdpproxy: INFO (5879/5879) --      GlyphCache caps::GlyphCache[6].CacheEntries=254
rdpproxy: INFO (5879/5879) --      GlyphCache caps::GlyphCache[6].CacheMaximumCellSize=64
rdpproxy: INFO (5879/5879) --      GlyphCache caps::GlyphCache[7].CacheEntries=254
rdpproxy: INFO (5879/5879) --      GlyphCache caps::GlyphCache[7].CacheMaximumCellSize=128
rdpproxy: INFO (5879/5879) --      GlyphCache caps::GlyphCache[8].CacheEntries=254
rdpproxy: INFO (5879/5879) --      GlyphCache caps::GlyphCache[8].CacheMaximumCellSize=256
rdpproxy: INFO (5879/5879) --      GlyphCache caps::GlyphCache[9].CacheEntries=64
rdpproxy: INFO (5879/5879) --      GlyphCache caps::GlyphCache[9].CacheMaximumCellSize=256
rdpproxy: INFO (5879/5879) --      GlyphCache caps::FragCache 16777472
rdpproxy: INFO (5879/5879) --      GlyphCache caps::GlyphSupportLevel 2
rdpproxy: INFO (5879/5879) --      GlyphCache caps::pad2octets 0
rdpproxy: INFO (5879/5879) -- Front::process_confirm_active: Receiving from client CAPSTYPE_VIRTUALCHANNEL
rdpproxy: INFO (5879/5879) -- Front::process_confirm_active: Receiving from client CAPSTYPE_SOUND
rdpproxy: INFO (5879/5879) -- Front::process_confirm_active: Receiving from client CAPSTYPE_SHARE
rdpproxy: INFO (5879/5879) -- Front::process_confirm_active: Receiving from client CAPSTYPE_CONTROL
rdpproxy: INFO (5879/5879) -- Front::process_confirm_active: Receiving from client CAPSTYPE_COLORCACHE
rdpproxy: INFO (5879/5879) -- Front::process_confirm_active: Receiving from client CAPSTYPE_ACTIVATION
rdpproxy: INFO (5879/5879) -- Front::process_confirm_active: Receiving from client CAPSTYPE_OFFSCREENCACHE
rdpproxy: INFO (5879/5879) -- Front::process_confirm_active: Receiving from client OffScreenCache caps (12 bytes)
rdpproxy: INFO (5879/5879) --      OffScreenCache caps::offscreenSupportLevel 1
rdpproxy: INFO (5879/5879) --      OffScreenCache caps::offscreenCacheSize 7680
rdpproxy: INFO (5879/5879) --      OffScreenCache caps::offscreenCacheEntries 2000
rdpproxy: INFO (5879/5879) -- Front::process_confirm_active: Receiving from client LargePointer caps (6 bytes)
rdpproxy: INFO (5879/5879) --      LargePointer caps::largePointerSupportFlags 1
rdpproxy: INFO (5879/5879) -- Front::process_confirm_active: Receiving from client MultifragmentUpdate caps (8 bytes)
rdpproxy: INFO (5879/5879) --      MultifragmentUpdate caps::MaxRequestSize 65535
rdpproxy: INFO (5879/5879) -- Front::process_confirm_active: done p=0x7ffe65cbbb71 end=0x7ffe65cbbb71
rdpproxy: INFO (5879/5879) -- Front::reset: use_bitmap_comp=1
rdpproxy: INFO (5879/5879) -- Front::reset: use_compact_packets=1
rdpproxy: INFO (5879/5879) -- Front::reset: bitmap_cache_version=0
rdpproxy: INFO (5879/5879) -- Front::reset: Use RDP 4.0 Bulk compression
rdpproxy: INFO (5879/5879) -- Front::incoming: Received CONFIRMACTIVEPDU done
rdpproxy: INFO (5879/5879) -- Front::incoming: ACTIVATE_AND_PROCESS_DATA
rdpproxy: INFO (5879/5879) -- Front::send_synchronize
rdpproxy: INFO (5879/5879) -- Sec clear payload to send:
rdpproxy: INFO (5879/5879) -- /* 0000 */ 0x16, 0x00, 0x17, 0x00, 0x09, 0x04, 0x02, 0x00, 0x01, 0x00, 0x00, 0x02, 0x16, 0x00, 0x1f, 0x00,  // ................
rdpproxy: INFO (5879/5879) -- /* 0010 */ 0x00, 0x00, 0x01, 0x00, 0xea, 0x03,                                                              // ......
rdpproxy: INFO (5879/5879) -- Front::send_synchronize: done
rdpproxy: INFO (5879/5879) -- Front::incoming: ACTIVATE_AND_PROCESS_DATA
rdpproxy: INFO (5879/5879) -- Front::send_control: action=4
rdpproxy: INFO (5879/5879) -- Sec clear payload to send:
rdpproxy: INFO (5879/5879) -- /* 0000 */ 0x1a, 0x00, 0x17, 0x00, 0x09, 0x04, 0x02, 0x00, 0x01, 0x00, 0x00, 0x02, 0x1a, 0x00, 0x14, 0x00,  // ................
rdpproxy: INFO (5879/5879) -- /* 0010 */ 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0xea, 0x03, 0x00, 0x00,                                      // ..........
rdpproxy: INFO (5879/5879) -- Front::send_control: done. action=4
rdpproxy: INFO (5879/5879) -- Front::incoming: ACTIVATE_AND_PROCESS_DATA
rdpproxy: INFO (5879/5879) -- Front::send_control: action=2
rdpproxy: INFO (5879/5879) -- Sec clear payload to send:
rdpproxy: INFO (5879/5879) -- /* 0000 */ 0x1a, 0x00, 0x17, 0x00, 0x09, 0x04, 0x02, 0x00, 0x01, 0x00, 0x00, 0x02, 0x1a, 0x00, 0x14, 0x00,  // ................
rdpproxy: INFO (5879/5879) -- /* 0010 */ 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0xea, 0x03, 0x00, 0x00,                                      // ..........
rdpproxy: INFO (5879/5879) -- Front::send_control: done. action=2
rdpproxy: INFO (5879/5879) -- Front::incoming: ACTIVATE_AND_PROCESS_DATA
rdpproxy: INFO (5879/5879) -- Front::incoming: ACTIVATE_AND_PROCESS_DATA
rdpproxy: INFO (5879/5879) -- Front::send_fontmap
rdpproxy: INFO (5879/5879) -- Sec clear payload to send:
rdpproxy: INFO (5879/5879) -- Front::send_fontmap: done
rdpproxy: INFO (5879/5879) -- Front::send_data_update_sync
rdpproxy: INFO (5879/5879) -- Front::process_data: --------------> UP AND RUNNING <--------------
rdpproxy: INFO (5879/5879) -- Front::process_data: asking for selector
rdpproxy: DEBUG (5879/5879) -- SessionReactor::set_next_event 1
rdpproxy: INFO (5879/5879) -- Front::incoming: UP_AND_RUNNING
rdpproxy: WARNING (5879/5879) -- Front::incoming: Received Fast-Path PUD, remains=10
rdpproxy: WARNING (5879/5879) -- Unexpected receiving 'session_probe' - '0'
rdpproxy: INFO (5879/5879) -- ===========> MODULE_NEXT
rdpproxy: INFO (5879/5879) -- login RDP 
rdpproxy: INFO (5879/5879) -- selector RDP 
rdpproxy: INFO (5879/5879) -- selector_legacy RDP 
rdpproxy: INFO (5879/5879) -- confirm RDP 
rdpproxy: INFO (5879/5879) -- challenge RDP 
rdpproxy: INFO (5879/5879) -- valid RDP 
rdpproxy: INFO (5879/5879) -- transitory RDP 
rdpproxy: INFO (5879/5879) -- close RDP 
rdpproxy: INFO (5879/5879) -- close_back RDP 
rdpproxy: INFO (5879/5879) -- interactive_target RDP 
rdpproxy: INFO (5879/5879) -- RDP RDP 
rdpproxy: INFO (5879/5879) -- ----------> ACL next_module : RDP 2 <--------
rdpproxy: INFO (5879/5879) -- ----------> ACL new_mod <--------
rdpproxy: INFO (5879/5879) -- target_module=MODULE_RDP(2)
rdpproxy: WARNING (5879/5879) -- AclSerializer::start_session_log: failed to extract date
rdpproxy: INFO (5879/5879) -- ModuleManager::Creation of new mod 'RDP'
rdpproxy: [rdpproxy] psid="15789992875879" user="nico" type="TARGET_CONNECTION" target="nico" host="xx.xx.xx.xx" port="3389"
rdpproxy: INFO (5879/5879) -- connecting to xx.xx.xx.xx:3389
rdpproxy: INFO (5879/5879) -- connection to xx.xx.xx.xx:3389 (xx.xx.xx.xx) succeeded : socket 9
rdpproxy: INFO (5879/5879) -- RDP ExtraPrimaryDrawingOrders="15,16,17,18,22"
rdpproxy: INFO (5879/5879) -- RDP OrderNumber=15
rdpproxy: INFO (5879/5879) -- RDP ExtraOrder=MultiDstBlt
rdpproxy: INFO (5879/5879) -- RDP OrderNumber=16
rdpproxy: INFO (5879/5879) -- RDP ExtraOrder=MultiPatBlt
rdpproxy: INFO (5879/5879) -- RDP OrderNumber=17
rdpproxy: INFO (5879/5879) -- RDP ExtraOrder=MultiScrBlt
rdpproxy: INFO (5879/5879) -- RDP OrderNumber=18
rdpproxy: INFO (5879/5879) -- RDP ExtraOrder=MultiOpaqueRect
rdpproxy: INFO (5879/5879) -- RDP OrderNumber=22
rdpproxy: INFO (5879/5879) -- RDP ExtraOrder=Polyline
rdpproxy: INFO (5879/5879) -- Remote RDP Server domain="" login="nico" host="ruur"
rdpproxy: INFO (5879/5879) -- Creation of new mod 'RDP'
rdpproxy: INFO (5879/5879) -- ModRDPParams target_user="nico"
rdpproxy: INFO (5879/5879) -- ModRDPParams target_password="<hidden>"
rdpproxy: INFO (5879/5879) -- ModRDPParams target_host="xx.xx.xx.xx"
rdpproxy: INFO (5879/5879) -- ModRDPParams client_address="0.0.0.0"
rdpproxy: INFO (5879/5879) -- ModRDPParams application_params.primary_user_id=""
rdpproxy: INFO (5879/5879) -- ModRDPParams application_params.target_application=""
rdpproxy: INFO (5879/5879) -- ModRDPParams primary_drawing_orders_support.as_uint()=847811f
rdpproxy: INFO (5879/5879) -- ModRDPParams enable_tls=yes

How to define recording path

I have set the following attributes on the ACL:

{
    "is_rec": "true",
    "rec_path": "/trails/<uuid>/",
    "trace_type": "2",
    "encryption_key": "<enc key>",
    "sign_key": "<sign key>",
    "target_host": "<target address>",
    "target_port": "<target port>",
    "target_login": "<target user>",
    "target_password": "<target password>",
    "proto_dest": "RDP",
    "module": "RDP",
    "login": "<target user>",
    "session_id": "<uuid>",
    "enable_server_cert_external_validation": "true"
}

And I have compiled this project with RECORD_PATH=/.

This creates files in /trails/<uuid> called -000000.wrm and .mwrm. Unfortunately, .mwrm is not a valid name for redrec -i, and if I rename the .mwrm to rec.mwrm it doesn't decrypt, I'm guessing due to a mismatch in the filename.

If I set "rec_path": "/trails/<uuid>/rec", I get files /rec-000000.wrm and /rec.wrm. Now the files have the correct name, but an incorrect path.

Is there some other parameter in the ACL I could use to produce a valid filename in rec_path?
