RDP_MITM_Core.md

graph LR
    RDP_MITM_Orchestrator["RDP MITM Orchestrator"]
    TCP_Connection_Manager["TCP Connection Manager"]
    X_224_Protocol_Interceptor["X.224 Protocol Interceptor"]
    MCS_Protocol_Interceptor["MCS Protocol Interceptor"]
    RDP_Security_Interceptor["RDP Security Interceptor"]
    RDP_Data_Path_Interceptors["RDP Data Path Interceptors"]
    RDP_Virtual_Channel_Interceptor["RDP Virtual Channel Interceptor"]
    RDP_Protocol_Data_Units_PDUs_["RDP Protocol Data Units (PDUs)"]
    TCP_Connection_Manager -- "forwards raw TCP data streams to" --> RDP_MITM_Orchestrator
    RDP_MITM_Orchestrator -- "sends processed RDP data through" --> TCP_Connection_Manager
    RDP_MITM_Orchestrator -- "initializes and orchestrates" --> X_224_Protocol_Interceptor
    X_224_Protocol_Interceptor -- "processes X.224 PDUs under control of" --> RDP_MITM_Orchestrator
    RDP_MITM_Orchestrator -- "delegates MCS layer processing to" --> MCS_Protocol_Interceptor
    MCS_Protocol_Interceptor -- "manages RDP channels and data segmentation for" --> RDP_MITM_Orchestrator
    RDP_MITM_Orchestrator -- "routes security-related PDUs to" --> RDP_Security_Interceptor
    RDP_Security_Interceptor -- "handles RDP Security layer events and data for" --> RDP_MITM_Orchestrator
    RDP_MITM_Orchestrator -- "directs data path PDU processing to" --> RDP_Data_Path_Interceptors
    RDP_Data_Path_Interceptors -- "processes high-frequency input/output and general RDP updates for" --> RDP_MITM_Orchestrator
    RDP_MITM_Orchestrator -- "initializes and manages virtual channels through" --> RDP_Virtual_Channel_Interceptor
    RDP_Virtual_Channel_Interceptor -- "provides extensible RDP functionalities to" --> RDP_MITM_Orchestrator
    X_224_Protocol_Interceptor -- "deserializes incoming RDP bytes using" --> RDP_Protocol_Data_Units_PDUs_
    X_224_Protocol_Interceptor -- "constructs outgoing RDP messages using" --> RDP_Protocol_Data_Units_PDUs_
    MCS_Protocol_Interceptor -- "deserializes incoming RDP bytes using" --> RDP_Protocol_Data_Units_PDUs_
    MCS_Protocol_Interceptor -- "constructs outgoing RDP messages using" --> RDP_Protocol_Data_Units_PDUs_
    RDP_Security_Interceptor -- "deserializes incoming RDP bytes using" --> RDP_Protocol_Data_Units_PDUs_
    RDP_Security_Interceptor -- "constructs outgoing RDP messages using" --> RDP_Protocol_Data_Units_PDUs_
    RDP_Data_Path_Interceptors -- "deserializes incoming RDP bytes using" --> RDP_Protocol_Data_Units_PDUs_
    RDP_Data_Path_Interceptors -- "constructs outgoing RDP messages using" --> RDP_Protocol_Data_Units_PDUs_
    RDP_Virtual_Channel_Interceptor -- "deserializes incoming RDP bytes using" --> RDP_Protocol_Data_Units_PDUs_
    RDP_Virtual_Channel_Interceptor -- "constructs outgoing RDP messages using" --> RDP_Protocol_Data_Units_PDUs_

Loading

Details

The pyrdp MITM subsystem operates as a layered RDP proxy, orchestrated by the RDP MITM Orchestrator. This orchestrator manages the flow of RDP traffic, delegating specific protocol layer processing to a series of specialized interceptor components. The TCP Connection Manager serves as the foundational network interface, handling raw TCP data streams. Above this, the X.224 Protocol Interceptor manages connection establishment, followed by the MCS Protocol Interceptor for channel management and data segmentation. The RDP Security Interceptor handles encryption and authentication, while RDP Data Path Interceptors process high-frequency RDP updates and input/output. Extensible RDP functionalities, such as clipboard sharing, are managed by the RDP Virtual Channel Interceptor. All interceptor components interact with RDP Protocol Data Units (PDUs) for the crucial tasks of deserializing incoming RDP bytes into structured objects and constructing outgoing RDP messages from these objects, ensuring proper RDP protocol adherence throughout the MITM session.

RDP MITM Orchestrator

The central orchestrator of the RDP MITM session, coordinating various RDP protocol layers.

Related Classes/Methods:

• pyrdp.mitm.RDPMITM

TCP Connection Manager

Manages raw TCP connections, serving as the network entry/exit point for the MITM.

Related Classes/Methods:

• pyrdp.mitm.TCPMITM

X.224 Protocol Interceptor

Handles the X.224 (T.125) protocol layer for connection establishment.

Related Classes/Methods:

• pyrdp.mitm.X224MITM

MCS Protocol Interceptor

Manages the MCS (Multipoint Communication Service) layer, dealing with channel management and data segmentation.

Related Classes/Methods:

• pyrdp.mitm.MCSMITM

RDP Security Interceptor

Intercepts and processes PDUs related to the RDP Security layer, including encryption and authentication.

Related Classes/Methods:

• pyrdp.mitm.SecurityMITM

RDP Data Path Interceptors

Specializes in handling Fast Path and Slow Path PDUs for optimized and general RDP updates and input/output events.

Related Classes/Methods:

• pyrdp.mitm.FastPathMITM
• pyrdp.mitm.SlowPathMITM

RDP Virtual Channel Interceptor

Provides a base for handling RDP Virtual Channels, enabling extensions like clipboard sharing and device redirection.

Related Classes/Methods:

• pyrdp.mitm.VirtualChannelMITM

RDP Protocol Data Units (PDUs)

Defines the data structures for various RDP Protocol Data Units and includes logic for deserializing raw RDP PDU bytes into structured Python objects.

Related Classes/Methods:

• pyrdp.parser.parser
• pyrdp.parser.x224
• pyrdp.parser.mcs
• pyrdp.parser.rdp.connection
• pyrdp.parser.rdp.security
• pyrdp.parser.rdp.fastpath
• pyrdp.parser.rdp.slowpath
• pyrdp.parser.rdp.virtual_channel.clipboard
• pyrdp.parser.rdp.virtual_channel.device_redirection
• pyrdp.pdu.x224
• pyrdp.pdu.mcs
• pyrdp.pdu.rdp.connection
• pyrdp.pdu.rdp.fastpath
• pyrdp.pdu.rdp.input
• pyrdp.pdu.rdp.licensing
• pyrdp.pdu.rdp.ntlmssp
• pyrdp.pdu.rdp.pointer
• pyrdp.pdu.rdp.capability
• pyrdp.pdu.rdp.virtual_channel.clipboard
• pyrdp.pdu.rdp.virtual_channel.device_redirection

FAQ