The prerequisites for creating the RDP proxy were the same as for the SSH proxy: the user should be able to use the desktop app rather than the web browser.
The RDP proxy is built on the netty network framework. We implemented all the protocols needed for the current implementation ourselves, including the transport layer protocols T.123, T.124, T.125 and X.224, and in particular server-side NTLM (for the SSH proxy we used mina-sshd; for the RDP proxy we parse and create the binary packets ourselves). The operating principles are the same as in the SSH proxy:
- The user authenticates to the proxy server.
- The server checks the login/password and workflows.
- The server opens a connection to the remote server and authenticates using the credentials that are stored in a record.
- All traffic from the user is sent to the server and back.
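Because the proxy parses the binary packets itself, the first message it must handle from a desktop client is an X.224 Connection Request inside a T.123 (TPKT) frame. The following Python parser is an added example, not the product's code: it checks every declared length before reading the optional cookie and RDP_NEG_REQ. Field layouts follow MS-RDPBCGR; `parse_connection_request`, `build_sample` and the sample values are hypothetical names and constructed data.

```python
import struct

# requestedProtocols flags of RDP_NEG_REQ (MS-RDPBCGR); 0 means standard RDP security
PROTOCOLS = {0x1: "SSL", 0x2: "HYBRID", 0x4: "RDSTLS", 0x8: "HYBRID_EX"}

class MalformedPacket(ValueError):
    """Raised when a declared length or type does not match the bytes received."""

def parse_connection_request(data: bytes) -> dict:
    """Parse one TPKT-framed X.224 Connection Request (hypothetical helper)."""
    if len(data) < 11:  # 4-byte TPKT header + 7 fixed X.224 CR bytes
        raise MalformedPacket("too short")
    version, _reserved, tpkt_len = struct.unpack(">BBH", data[:4])
    if version != 3:
        raise MalformedPacket("TPKT version must be 3")
    if tpkt_len != len(data):
        raise MalformedPacket("TPKT length does not match bytes received")
    li, code = data[4], data[5]
    if li != tpkt_len - 5:  # LI counts every byte after the LI byte itself
        raise MalformedPacket("X.224 length indicator disagrees with TPKT length")
    if (code & 0xF0) != 0xE0:
        raise MalformedPacket("not a Connection Request TPDU")
    payload = data[11:]  # skip DST-REF, SRC-REF and class option
    result = {"cookie": None, "protocols": ["RDP"]}
    if payload.startswith(b"Cookie: "):
        end = payload.find(b"\r\n")
        if end < 0:
            raise MalformedPacket("unterminated cookie")
        result["cookie"] = payload[8:end].decode("ascii", "replace")
        payload = payload[end + 2:]
    if payload:
        # Narrowed to RDP_NEG_REQ only; anything else after the cookie is rejected
        if len(payload) != 8:
            raise MalformedPacket("unexpected data after cookie")
        neg_type, _flags, neg_len, requested = struct.unpack("<BBHI", payload)
        if neg_type != 0x01 or neg_len != 8:
            raise MalformedPacket("bad RDP_NEG_REQ")
        result["protocols"] = [n for b, n in PROTOCOLS.items() if requested & b] or ["RDP"]
    return result

def build_sample(cookie: bytes, requested: int) -> bytes:
    """Build a constructed Connection Request to exercise the parser."""
    body = b"Cookie: " + cookie + b"\r\n" + struct.pack("<BBHI", 0x01, 0, 8, requested)
    x224 = bytes([6 + len(body), 0xE0]) + b"\x00" * 5 + body
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224

if __name__ == "__main__":
    pkt = build_sample(b"mstshash=alice", 0x3)  # constructed sample
    print(parse_connection_request(pkt))
```

A client that sets the HYBRID flag is asking for CredSSP, which is the point at which a server-side NTLM implementation like the one mentioned above comes into play.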
The RDP proxy supports keystroke recording: everything the user types is stored in the database as events. It also supports screen recording, from which we can then generate a video, and it supports saving files and text transferred through the clipboard.
We have a record type called remote app. When a user connects to a remote app record, they do not open a desktop session but immediately start an application. It can be a browser that goes to some site and immediately enters a password, or it can be a database administration tool that connects to the database with the required credentials. Initially, this worked in web-based RDP sessions, and then we added support for the RDP proxy as well.
To do this, we launch our client’s shell on the remote server, which then communicates with the client’s server and receives from it an encrypted application launch script and encrypted credentials. The resulting script then launches the desired application and enters the credentials.