blob: c41f97c41772f3132b5ef28dfb707bea6f0f5b36 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
|
.de URL
\\$2 \(laURL: \\$1 \(ra\\$3
..
.if \n[.g] .mso www.tmac
.TH @MANPAGE_NAME@ 1 2023-12-14 "@FREERDP_VERSION_FULL@" "FreeRDP"
.SH NAME
@MANPAGE_NAME@ \- A server binary allowing MITM proxying of RDP connections
.SH SYNOPSIS
.B @MANPAGE_NAME@
[\fB-h\fP]
[\fB--help\fP]
[\fB--buildconfig\fP]
[\fB--dump-config\fP \fB<config file>\fP]
[\fB-v\fP]
[\fB--version\fP]
[\fB<config file>\fP]
.SH DESCRIPTION
.B @MANPAGE_NAME@
can be used to proxy a RDP connection between a target server and connecting clients.
Possible usage scenarios are:
.IP Proxying
Connect outdated/insecure RDP servers from behind a (more secure) proxy
.IP Analysis
Allow detailed protocol analysis of (many) unknown protocol features (channels)
.IP Inspection
MITM proxy for session inspection and recording
.SH OPTIONS
.IP -h,--help
Display a help text explaining usage.
.IP --buildconfig
Print the build configuration of the proxy and exit.
.IP -v,--version
Print the version of the proxy and exit.
.IP --dump-config \fB<config-ini-file>\fP
Dump a template configuration to \fB<config-ini-file>\fP
.IP \fB<config-ini-file>\fP
Start the proxy with settings read from \fB<config-ini-file>\fP
.SH WARNING
The proxy does not support authentication out of the box but acts simply as intermediary.
Only \fBRDP\fP and \fBTLS\fP security modes are supported, \fBNLA\fP will fail for connections to the proxy.
To implement authentication a \fBproxy-module\fP can be implemented that can authenticate against some backend
and map connecting users and credentials to target server users and credentials.
.SH EXAMPLES
@MANPAGE_NAME@ /some/config/file
@MANPAGE_NAME@ --dump-config /some/config/file
.SH PREPARATIONS
1. generate certificates for proxy
\fBwinpr-makecert -rdp -path . proxy\fP
2. generate proxy configuration
\fB@MANPAGE_NAME@ --dump-config proxy.ini\fP
3. edit configurartion and:
* provide (preferrably absolute) paths for \fBCertificateFile\fP and \fBPrivateKeyFile\fP generated previously
* remove the \fBCertificateContents\fP and \fBPrivateKeyContents\fP
* Adjust the \fB[Server]\fP settings \fBHost\fP and \fBPort\fP to bind a specific port on a network interface
* Adjust the \fB[Target]\fP \fBHost\fP and \fBPort\fP settings to the \fBRDP\fP target server
* Adjust (or remove if unuse) the \fBPlugins\fP settings
3. start proxy server
\fB@MANPAGE_NAME@ proxy.ini\fP
.SH EXIT STATUS
.TP
.B 0
Successful program execution.
.TP
.B 1
Otherwise.
.SH SEE ALSO
wlog(7)
.SH AUTHOR
FreeRDP <team@freerdp.com>
|
