PyRDP: Python 3 Remote Desktop Protocol Man-in-the-Middle
PyRDP
PyRDP is a Python 3 Remote Desktop Protocol (RDP) Man-in-the-Middle (MITM) and library.
It features a few tools:
- RDP Man-in-the-Middle
- Logs credentials used to connect
- Steals data copied to the clipboard
- Saves a copy of the files transferred over the network
- Saves replays of connections so you can look at them later
- RDP Player:
- See live RDP connections coming from the MITM
- View replays of RDP connections
- RDP Certificate Cloner:
- Create a self-signed X509 certificate with the same fields as an RDP server’s certificate
We are using this tool as part of an RDP honeypot which records sessions and saves a copy of the malware dropped on our target machine.
As of now, the MITM records the following events:
- Bitmap graphics
- Mouse movements
- Keyboard input
- Connection info (local IP address, username, password, domain, computer name)
- Clipboard content
Copyright (C) 2018
