-
Notifications
You must be signed in to change notification settings - Fork 248
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: Add TPROXY support for client-MITM connections #205
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
TProxy changes are great! Otherwise, it is mostly little things here and there to cleanup.
The bulk of the comments highlight the fact that we should merge L2 and network namespace approaches as one.
I proposed @alxbl to do it. I'll take it from here and ask him to review once I'm done.
I assume this means you'll be taking over the PR and committing those changes you mentioned. I'll let you take care of it, otherwise let me know. |
IP forwarding enable, using TPROXY instead of REDIRECT and added how to start pyrdp.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I re-tested everything in my environment. L2, L3 w/ option 1 and option 2.
I was able to remove the requirement for a local IP in option 1. So it's either: you do ARP (option 1) or you pin ARP (option 2). I validated by looking at a tcpdump
of ARP traffic on the MITM host as I was intercepting RDP.
@alxbl I let you do the final ACK/merge.
LGTM! |
This PR implements a clean version of the patch documented in #204. It also splits the transparent proxying configuration examples to a different file to keep the main README clean.
I'd like @obilodeau to merge his documentation from #204 in
docs/transparent-proxy.md
and then we can close that issue as well.Closes #204, Closes #64