| freerdp-proxy(1) | FreeRDP | freerdp-proxy(1) |
NAME
freerdp-proxy - A server binary allowing MITM proxying of RDP connections
SYNOPSIS
freerdp-proxy [-h] [--help] [--buildconfig] [--dump-config <config file>] [-v] [--version] [<config file>]
DESCRIPTION
freerdp-proxy can be used to proxy an RDP connection between a target server and connecting clients. Possible usage scenarios are:
- Proxying
  Connect outdated/insecure RDP servers from behind a (more secure) proxy
- Analysis
  Allow detailed protocol analysis of (many) unknown protocol features (channels)
- Inspection
  MITM proxy for session inspection and recording
OPTIONS
- -h, --help
  Display a help text explaining usage.
- --buildconfig
  Print the build configuration of the proxy and exit.
- -v, --version
  Print the version of the proxy and exit.
- --dump-config
  Dump a template configuration to <config-ini-file> or to stdout or stderr
- <config-ini-file>
  Start the proxy with settings read from <config-ini-file>
WARNING
The proxy does not support authentication out of the box; it acts simply as an intermediary. Only RDP and TLS security modes are supported for pass-through connections. In these modes, the user name and password are transmitted in plain text from the client to the proxy. With NLA the credentials never leave the connecting client and only the NTLM hashes are compared.
To implement proper authentication, a proxy module can be implemented that may authenticate against some backend and map connecting users and credentials to target server users and credentials.
TEST SETUP
A simple test setup of freerdp-proxy might look like this:
- SAM
- User/Domain/Password
- Alternatively
-
This setup is designed for testing purposes only and does not do any authentication mapping of connecting users to target machine users, so any allowed connecting user will use the same credentials on the target.
EXAMPLES
freerdp-proxy /some/config/file
freerdp-proxy --dump-config /some/config/file
PREPARATIONS
1. generate certificates for proxy
   winpr-makecert -rdp -path . proxy
2. generate proxy configuration
   freerdp-proxy --dump-config proxy.ini
3. edit configuration and:
   * provide (preferably absolute) paths for CertificateFile and PrivateKeyFile generated previously
   * remove the CertificateContents and PrivateKeyContents
   * Adjust the [Server] settings Host and Port to bind a specific port on a network interface
   * Adjust the [Target] Host and Port settings to the RDP target server
   * Adjust (or remove if unused) the Plugins settings
4. start proxy server
   freerdp-proxy proxy.ini
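A pre-start check for the edit step in the checklist above, added here as an example (it is not part of FreeRDP or its documentation): it parses the edited proxy.ini and reports checklist items that are still open. The `Certificates` section name and all sample values are made up, and the private-key permission check and the wildcard-bind check are assumptions that go beyond what the page lists.

```python
import configparser
import os

# Key names are from the checklist; the page names no section, so all are searched.
PATH_KEYS = ("CertificateFile", "PrivateKeyFile")
INLINE_KEYS = ("CertificateContents", "PrivateKeyContents")
# Constructed sample of a partly edited file; section name and values are made up.
SAMPLE = """
[Server]
Host = 0.0.0.0
Port = 3389
[Target]
Host = rdp.example.internal
Port = 3389
[Certificates]
CertificateFile = proxy.crt
PrivateKeyFile = /nonexistent/proxy.key
PrivateKeyContents = PLACEHOLDER
"""

def lint_proxy_config(text):
    """Return a list of findings for a freerdp-proxy INI passed as text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key names exactly as written
    cp.read_string(text)
    flat = {k: v.strip() for s in cp.sections() for k, v in cp.items(s)}
    out = []
    for key in PATH_KEYS:
        path = flat.get(key, "")
        if not path:
            out.append(f"{key}: not set")
        elif not os.path.isabs(path):
            out.append(f"{key}: relative path {path!r}")
        elif not os.path.isfile(path):
            out.append(f"{key}: {path!r} does not exist")
        elif key == "PrivateKeyFile" and os.stat(path).st_mode & 0o077:
            out.append(f"{key}: {path!r} is accessible to group/other")
    out += [f"{k}: still present, remove it" for k in INLINE_KEYS if k in flat]
    for sec in ("Server", "Target"):
        for opt in ("Host", "Port"):
            if not cp.get(sec, opt, fallback="").strip():
                out.append(f"[{sec}] {opt}: not set")
    # Assumption: a wildcard Host makes the proxy listen on every interface.
    if cp.get("Server", "Host", fallback="").strip() in ("0.0.0.0", "::"):
        out.append("[Server] Host: wildcard bind, choose one interface")
    return out

if __name__ == "__main__":
    print("\n".join(lint_proxy_config(SAMPLE)))
```

An empty result means every checked item is done; because the proxy itself does no authentication (see WARNING), the bind address finding is the one to look at first.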
EXIT STATUS
- 0
  Successful program execution.
- 1
  Otherwise.
SEE ALSO
AUTHOR
FreeRDP <team@freerdp.com>
| 2023-12-14 | 3.26.0 |