Ask Your Question
0

rdp decryption over ssl

asked 2018-11-23 04:18:40 +0000

Rockky gravatar image

I have a piece of software that sends keystrokes over RDP using SendKeys, but currently it isn't working and I want to know why. I have access to both client and server encryption keys, so the plan was to decrypt the session and see what is being sent, and why it fails, but when I go to configure the RSA keys list, I get the following message:

While 'rdp' is a valid dissector filter name, that dissector is not configured to support ssl decryption. If you need to decrypt 'rdp' over ssl, please contact the Wireshark development team.

What are my options here? Can this be achieved?

Thanks for any assistance.

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2019-08-23 18:38:43 +0000

Cy1337 gravatar image

You should specify tpkt instead of rdp as the underlying protocol. I guess some of the documentation out there is out of date. Please refer to Wireshark Wiki RDP Page for details.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2018-11-23 04:18:40 +0000

Seen: 1,488 times

Last updated: Aug 23 '19

Related questions

how to invert two bytes in lua script dissector ?

How do I get and display packet data information at a specific byte from the first byte?

why protocol is not showing as HTTP even though we sent http request ?

Adjusting Bit order and Endianess in LUA between Dissectors

How do I add "child item" to an item in the subtree?

PRP Dissector and FCS

Use a UDP payload dissector depending on ip addresses

Reuse (part of) a Wireshark Dissector

Heuristic dissector not called

How do I dissect multiple packets?