PyRDP: Python 3 Remote Desktop Protocol Man-in-the-Middle


PyRDP is a Python 3 Remote Desktop Protocol (RDP) Man-in-the-Middle (MITM) tool and library.


It features a few tools:

  • RDP Man-in-the-Middle:
    • Logs credentials used to connect
    • Steals data copied to the clipboard
    • Saves a copy of the files transferred over the network
    • Saves replays of connections so you can look at them later
  • RDP Player:
    • See live RDP connections coming from the MITM
    • View replays of RDP connections
  • RDP Certificate Cloner:
    • Create a self-signed X509 certificate with the same fields as an RDP server’s certificate

We are using this tool as part of an RDP honeypot which records sessions and saves a copy of the malware dropped on our target machine.

As of now, the MITM records the following events:

  • Bitmap graphics
  • Mouse movements
  • Keyboard input
  • Connection info (local IP address, username, password, domain, computer name)
  • Clipboard content

Install && Use

Copyright (C) 2018 GoSecure