AttributeError: 'NoneType' object has no attribute 'write' in layer TCP #158

Closed
PersonaN0nGrata opened this issue Oct 9, 2019 · 10 comments
@PersonaN0nGrata

PersonaN0nGrata commented Oct 9, 2019

I run the program and it used to work, but every connection breaks it now

[2019-10-08 23:23:55,903] - INFO - David124456 - pyrdp.mitm.connections.tcp - New client connected from 218.203.175.99
[2019-10-08 23:23:55,903] - INFO - David124456 - pyrdp.mitm.connections.x224 - Cookie: mstshash=a
[2019-10-08 23:24:24,533] - ERROR - David124456 - pyrdp.mitm.connections.tcp - 'NoneType' object has no attribute 'write'
Traceback (most recent call last):
  File "/home/john/pyrdp/pyrdp/pyrdp/layer/tcp.py", line 91, in dataReceived
    self.recv(data)
  File "/home/john/pyrdp/pyrdp/pyrdp/layer/layer.py", line 143, in recv
    self.pduReceived(pdu)
  File "/home/john/pyrdp/pyrdp/pyrdp/layer/layer.py", line 198, in pduReceived
    self.next.recv(pdu.payload)
  File "/home/john/pyrdp/pyrdp/pyrdp/layer/segmentation.py", line 79, in recv
    layer.recv(forwarded)
  File "/home/john/pyrdp/pyrdp/pyrdp/layer/buffered.py", line 55, in recv
    self.pduReceived(pdu)
  File "/home/john/pyrdp/pyrdp/pyrdp/layer/layer.py", line 198, in pduReceived
    self.next.recv(pdu.payload)
  File "/home/john/pyrdp/pyrdp/pyrdp/layer/layer.py", line 143, in recv
    self.pduReceived(pdu)
  File "/home/john/pyrdp/pyrdp/pyrdp/layer/layer.py", line 195, in pduReceived
    Layer.pduReceived(self, pdu)
  File "/home/john/pyrdp/pyrdp/pyrdp/layer/layer.py", line 110, in pduReceived
    self.observer.onPDUReceived(pdu)
  File "/home/john/pyrdp/pyrdp/pyrdp/core/observer.py", line 82, in __call__
    self.composite.doCall(self.item, args, kwargs)
  File "/home/john/pyrdp/pyrdp/pyrdp/core/observer.py", line 56, in doCall
    getattr(observer, item)(*args, **kwargs)
  File "/home/john/pyrdp/pyrdp/pyrdp/layer/layer.py", line 48, in onPDUReceived
    self.handlers[pdu.header](pdu)
  File "/home/john/pyrdp/pyrdp/pyrdp/mitm/X224MITM.py", line 115, in onClientDisconnectRequest
    self.server.sendPDU(pdu)
  File "/home/john/pyrdp/pyrdp/pyrdp/layer/layer.py", line 151, in sendPDU
    self.previous.sendBytes(data)
  File "/home/john/pyrdp/pyrdp/pyrdp/layer/tpkt.py", line 22, in sendBytes
    self.sendPDU(pdu)
  File "/home/john/pyrdp/pyrdp/pyrdp/layer/layer.py", line 151, in sendPDU
    self.previous.sendBytes(data)
  File "/home/john/pyrdp/pyrdp/pyrdp/layer/tcp.py", line 104, in sendBytes
    self.transport.write(data)
AttributeError: 'NoneType' object has no attribute 'write'
[2019-10-08 23:24:24,534] - ERROR - David124456 - pyrdp.mitm.connections.tcp - Exception occurred when receiving: 0300000b06800000000000

Traceback (most recent call last):
  File "/usr/local/lib/python3.6/dist-packages/twisted/python/log.py", line 103, in callWithLogger
    return callWithContext({"system": lp}, func, *args, **kw)
  File "/usr/local/lib/python3.6/dist-packages/twisted/python/log.py", line 86, in callWithContext
    return context.call({ILogContext: newCtx}, func, *args, **kw)
  File "/usr/local/lib/python3.6/dist-packages/twisted/python/context.py", line 122, in callWithContext
    return self.currentContext().callWithContext(ctx, func, *args, **kw)
  File "/usr/local/lib/python3.6/dist-packages/twisted/python/context.py", line 85, in callWithContext
    return func(*args,**kw)
--- <exception caught here> ---
  File "/usr/local/lib/python3.6/dist-packages/twisted/internet/asyncioreactor.py", line 136, in _readOrWrite
    why = method()
  File "/usr/local/lib/python3.6/dist-packages/twisted/internet/tcp.py", line 243, in doRead
    return self._dataReceived(data)
  File "/usr/local/lib/python3.6/dist-packages/twisted/internet/tcp.py", line 249, in _dataReceived
    rval = self.protocol.dataReceived(data)
  File "/home/john/pyrdp/pyrdp/pyrdp/layer/tcp.py", line 91, in dataReceived
    self.recv(data)
  File "/home/john/pyrdp/pyrdp/pyrdp/layer/layer.py", line 143, in recv
    self.pduReceived(pdu)
  File "/home/john/pyrdp/pyrdp/pyrdp/layer/layer.py", line 198, in pduReceived
    self.next.recv(pdu.payload)
  File "/home/john/pyrdp/pyrdp/pyrdp/layer/segmentation.py", line 79, in recv
    layer.recv(forwarded)
  File "/home/john/pyrdp/pyrdp/pyrdp/layer/buffered.py", line 55, in recv
    self.pduReceived(pdu)
  File "/home/john/pyrdp/pyrdp/pyrdp/layer/layer.py", line 198, in pduReceived
    self.next.recv(pdu.payload)
  File "/home/john/pyrdp/pyrdp/pyrdp/layer/layer.py", line 143, in recv
    self.pduReceived(pdu)
  File "/home/john/pyrdp/pyrdp/pyrdp/layer/layer.py", line 195, in pduReceived
    Layer.pduReceived(self, pdu)
  File "/home/john/pyrdp/pyrdp/pyrdp/layer/layer.py", line 110, in pduReceived
    self.observer.onPDUReceived(pdu)
  File "/home/john/pyrdp/pyrdp/pyrdp/core/observer.py", line 82, in __call__
    self.composite.doCall(self.item, args, kwargs)
  File "/home/john/pyrdp/pyrdp/pyrdp/core/observer.py", line 56, in doCall
    getattr(observer, item)(*args, **kwargs)
  File "/home/john/pyrdp/pyrdp/pyrdp/layer/layer.py", line 48, in onPDUReceived
    self.handlers[pdu.header](pdu)
  File "/home/john/pyrdp/pyrdp/pyrdp/mitm/X224MITM.py", line 115, in onClientDisconnectRequest
    self.server.sendPDU(pdu)
  File "/home/john/pyrdp/pyrdp/pyrdp/layer/layer.py", line 151, in sendPDU
    self.previous.sendBytes(data)
  File "/home/john/pyrdp/pyrdp/pyrdp/layer/tpkt.py", line 22, in sendBytes
    self.sendPDU(pdu)
  File "/home/john/pyrdp/pyrdp/pyrdp/layer/layer.py", line 151, in sendPDU
    self.previous.sendBytes(data)
  File "/home/john/pyrdp/pyrdp/pyrdp/layer/tcp.py", line 104, in sendBytes
    self.transport.write(data)
builtins.AttributeError: 'NoneType' object has no attribute 'write'

[2019-10-08 23:24:24,547] - INFO - David124456 - pyrdp.mitm.connections.tcp - Client connection closed. 'NoneType' object has no attribute 'write'
[2019-10-08 23:24:24,547] - INFO - David124456 - pyrdp.mitm.connections.tcp - Connection report: report: 1.0, connectionTime: 28.64436960220337, totalInput: 0, totalOutput: 0
[2019-10-08 23:47:41,083] - INFO - Johanna202388 - pyrdp.mitm.connections.tcp - New client connected from 202.142.158.154
Task was destroyed but it is pending!
task: <Task pending coro=<X224MITM.connectToServer() done, defined at /home/john/pyrdp/pyrdp/pyrdp/mitm/X224MITM.py:84> wait_for=<Future pending cb=[<TaskWakeupMethWrapper object at 0x7f203e25b348>()]> cb=[Deferred.fromFuture.<locals>.adapt() at /usr/local/lib/python3.6/dist-packages/twisted/internet/defer.py:822]>
[2019-10-08 23:47:41,084] - INFO - Johanna202388 - pyrdp.mitm.connections.x224 - Cookie: mstshash=hello
[2019-10-08 23:47:55,547] - INFO - Johanna202388 - pyrdp.mitm.connections.tcp - Client connection closed. Connection to the other side was lost in a non-clean fashion.
[2019-10-08 23:47:55,547] - INFO - Johanna202388 - pyrdp.mitm.connections.tcp - Connection report: report: 1.0, connectionTime: 14.46387529373169, totalInput: 0, totalOutput: 0
[2019-10-08 23:48:46,116] - INFO - Sherry661032 - pyrdp.mitm.connections.tcp - New client connected from 41.141.90.253
[2019-10-08 23:48:46,117] - INFO - Sherry661032 - pyrdp.mitm.connections.x224 - Cookie: mstshash=hello
[2019-10-08 23:49:01,285] - INFO - Sherry661032 - pyrdp.mitm.connections.tcp - Client connection closed. Connection to the other side was lost in a non-clean fashion.
[2019-10-08 23:49:01,285] - INFO - Sherry661032 - pyrdp.mitm.connections.tcp - Connection report: report: 1.0, connectionTime: 15.169319152832031, totalInput: 0, totalOutput: 0
Task was destroyed but it is pending!
task: <Task pending coro=<X224MITM.connectToServer() done, defined at /home/john/pyrdp/pyrdp/pyrdp/mitm/X224MITM.py:84> wait_for=<Future pending cb=[<TaskWakeupMethWrapper object at 0x7f203e25b0a8>()]> cb=[Deferred.fromFuture.<locals>.adapt() at /usr/local/lib/python3.6/dist-packages/twisted/internet/defer.py:822]>
Task was destroyed but it is pending!
task: <Task pending coro=<X224MITM.connectToServer() done, defined at /home/john/pyrdp/pyrdp/pyrdp/mitm/X224MITM.py:84> wait_for=<Future pending cb=[<TaskWakeupMethWrapper object at 0x7f203e25b2b8>()]> cb=[Deferred.fromFuture.<locals>.adapt() at /usr/local/lib/python3.6/dist-packages/twisted/internet/defer.py:822]>
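
The payload in the "Exception occurred when receiving" line above can be decoded by hand. The following is an added example, not part of the original report and not PyRDP's own code: it parses the TPKT header (RFC 1006) and the X.224 TPDU header behind it, and shows that the logged bytes are a Disconnect Request, which matches the `onClientDisconnectRequest` frame in the traceback. The function and field names are hypothetical.

```python
import struct

# X.224 (ISO 8073) TPDU types, keyed by the high nibble of the code byte.
TPDU_TYPES = {
    0xE0: "Connection Request",
    0xD0: "Connection Confirm",
    0x80: "Disconnect Request",
    0xF0: "Data",
    0x70: "Error",
}


def decode_tpkt_x224(raw: bytes) -> dict:
    """Decode the TPKT header and the X.224 TPDU header that follows it."""
    if len(raw) < 6:
        raise ValueError("too short for a TPKT + X.224 header")
    version, _reserved, length = struct.unpack(">BBH", raw[:4])
    if version != 3:
        raise ValueError(f"not TPKT: version byte is {version:#04x}")
    if length != len(raw):
        raise ValueError(f"TPKT length {length} but {len(raw)} bytes present")
    li, code = raw[4], raw[5]  # LI counts the header bytes after itself
    if li < 1 or li + 1 > length - 4:
        raise ValueError(f"X.224 length indicator {li} overruns the packet")
    result = {
        "tpkt_length": length,
        "tpdu": TPDU_TYPES.get(code & 0xF0, f"unknown ({code:#04x})"),
        "payload": raw[5 + li:],
    }
    if code & 0xF0 == 0x80:
        if li < 6:
            raise ValueError("Disconnect Request header is truncated")
        dst_ref, src_ref, reason = struct.unpack(">HHB", raw[6:11])
        result.update(dst_ref=dst_ref, src_ref=src_ref, reason=reason)
    return result


# The bytes PyRDP logged when the exception fired (copied from the report).
LOGGED = bytes.fromhex("0300000b06800000000000")

if __name__ == "__main__":
    print(decode_tpkt_x224(LOGGED))
```
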
@Res260
Collaborator

Res260 commented Oct 9, 2019

Are you sure it's for every connection? Have you tried connecting using mstsc.exe or freerdp?

PS: you can use "```" to show us the whole log unformatted.

@PersonaN0nGrata
Author

It works when I start it up, but then breaks eventually. No tabs show up on the player either, so I assume it's because the connections don't go through.
Sorry I messed up the formatting, I'll fix it when I get to a computer.

@obilodeau
Collaborator

Note: I fixed the formatting of your original report

Can you obtain a packet capture of that RDP exchange? I usually like to run something like:

dumpcap -i eth0 -b duration:$((24 * 60 * 60)) -f "port 3389" -w capture.pcap

dumpcap is part of the wireshark package (doesn't require a GUI to install and run) and with -b it will automatically rotate pcaps every day so that they don't grow too large.

Don't forget to attach the logs/ssl.log so that we can decrypt the exchange.

@obilodeau obilodeau changed the title from "pyrdp mitm started breaking" to "AttributeError: 'NoneType' object has no attribute 'write' in layer TCP" Oct 18, 2019
@obilodeau obilodeau added the bug Something isn't working label Oct 18, 2019
@PersonaN0nGrata
Author

PersonaN0nGrata commented Oct 30, 2019

I am not actually able to connect to the RDP server.
This is the log from my own attempt; it just keeps loading without getting through
image

It says this when I stop the MITM
image

Restarting the service makes it work for a short while, and then at some point it crashes again

@obilodeau
Collaborator

I'm still going to need a pcap and the logs/ssl.log file (or at least debug logs with -L DEBUG) in order to be able to help you. I provided instructions in this comment.

@PersonaN0nGrata
Author

I'm thinking the problem now lies with the actual Windows machine I am trying to MITM. It just broke again; I can see the connection coming in on the MITM log, but I don't get "redirected" to the actual machine. I tried going manually on the Windows machine, logged in and back out, and then tried RDP again, and this was connected through to it

So, for some reason the Windows 7 machine sometimes gets "locked" somehow, it seems

@obilodeau
Collaborator

pyrdp-win7-x64-target-remina-client

  • I run a Windows 7 x64 VM on my machine, RDP on 3389 exposed on my host's 127.0.0.1.
  • Client: Remmina (FreeRDP) connecting to PyRDP on 3390
  • PyRDP runs with: pyrdp-mitm.py -l 3390 127.0.0.1:3389

Another attempt connecting from the Microsoft client (mstsc) on Windows 7 x86 hung. It is so slow that any legitimate connection would abort. However, it does succeed eventually:

[2019-10-31 10:51:49,379] - INFO - Kathy580338 - pyrdp.mitm.connections.tcp - New client connected from 192.168.0.112
[2019-10-31 10:51:49,380] - INFO - Kathy580338 - pyrdp.mitm.connections.x224 - No cookie for this connection
[2019-10-31 10:51:49,381] - INFO - Kathy580338 - pyrdp.mitm.connections.tcp - Server connected
[2019-10-31 10:52:38,586] - INFO - Kathy580338 - pyrdp.mitm.connections.tcp - Client connection closed. Connection to the other side was lost in a non-clean fashion: Connection lost.
[2019-10-31 10:52:38,586] - INFO - Kathy580338 - pyrdp.mitm.connections.tcp - Connection report: report: 1.0, connectionTime: 49.20611929893494, totalInput: 0, totalOutput: 0
[2019-10-31 10:52:41,561] - INFO - Kimberly101432 - pyrdp.mitm.connections.tcp - New client connected from 192.168.0.112
[2019-10-31 10:52:41,562] - INFO - Kimberly101432 - pyrdp.mitm.connections.x224 - No cookie for this connection
[2019-10-31 10:52:41,563] - INFO - Kimberly101432 - pyrdp.mitm.connections.tcp - Server connected
CLIENT_RANDOM 5dbaf539e7e09f90909cd975345948a5517124705f2b9cc717c877479518e4f9 1db8210d76a95046363be58bf3066bcf00a8bcfcc4997071cf036eb0e1ec79e85da1ed5c5a99a4d37ea2b954c7b9cde4
[2019-10-31 10:52:41,587] - INFO - Kimberly101432 - pyrdp.mitm.connections.mcs - Client hostname WIN7DIRTY
CLIENT_RANDOM 3cf398b21fca89cde3aedf55c7cf3c6154fbfd59baf450032253c8bb836c1c71 241152885754217c486b5f22662a88c2aab15657fd700b45daab5e82c9e14a72af01ceedeadfb30486ee2dbc8ce48cd1
[2019-10-31 10:52:41,589] - INFO - Kimberly101432 - pyrdp.mitm.connections.mcs - rdpdr <---> Channel #1004
[2019-10-31 10:52:41,589] - INFO - Kimberly101432 - pyrdp.mitm.connections.mcs - rdpsnd <---> Channel #1005
[2019-10-31 10:52:41,589] - INFO - Kimberly101432 - pyrdp.mitm.connections.mcs - drdynvc <---> Channel #1006
[2019-10-31 10:52:41,589] - INFO - Kimberly101432 - pyrdp.mitm.connections.mcs - cliprdr <---> Channel #1007
[2019-10-31 10:52:41,603] - WARNING - Kimberly101432 - pyrdp.mitm.connections.rdpdr - Could not read the RDPDR file mapping at pyrdp_output/mapping.json. The file may not exist or it may have incorrect permissions. A new mapping will be created.
[2019-10-31 10:52:42,813] - INFO - Kimberly101432 - pyrdp.mitm.connections.security - Client Info: username = '\x00', password = '\x00', domain = '\x00', clientAddress = '10.0.2.15\x00'
[2019-10-31 10:52:44,120] - INFO - Kimberly101432 - pyrdp.mitm.connections.rdpdr - Smart card mapped with ID 1: SCARD
[2019-10-31 10:52:51,596] - INFO - Kimberly101432 - pyrdp.mitm.connections.cliprdr - Clipboard data: 'pyrdp-mitm.py -l 3390 127.0.0.1:3389\x00'
[2019-10-31 10:52:51,617] - INFO - Kimberly101432 - pyrdp.mitm.connections.rdpdr - Smart card mapped with ID 1: SCARD
[2019-10-31 10:52:51,622] - INFO - Kimberly101432 - pyrdp.mitm.connections.rdpdr - Credentials candidate from heuristic: pyrdp-malboxes
[2019-10-31 10:52:52,024] - INFO - Kimberly101432 - pyrdp.mitm.connections.rdpdr - Printer mapped with ID 2: PRN2
[2019-10-31 10:52:52,024] - INFO - Kimberly101432 - pyrdp.mitm.connections.rdpdr - Printer mapped with ID 5: PRN5
[2019-10-31 10:52:52,025] - INFO - Kimberly101432 - pyrdp.mitm.connections.rdpdr - Printer mapped with ID 4: PRN4
[2019-10-31 10:52:52,025] - INFO - Kimberly101432 - pyrdp.mitm.connections.rdpdr - Printer mapped with ID 3: PRN3
[2019-10-31 10:53:09,181] - INFO - Kimberly101432 - pyrdp.mitm.connections.tcp - Client connection closed. Connection to the other side was lost in a non-clean fashion: Connection lost.
[2019-10-31 10:53:09,181] - INFO - Kimberly101432 - pyrdp.mitm.connections.tcp - Connection report: report: 1.0, connectionTime: 27.619317770004272, mcs: 263, mcsInput: 139, mcsInput_1003: 27, mcsOutput: 124, mcsOutput_1003: 17, slowPathOutput: 16, slowPathInput: 26, fastPathOutput: 141, fastPathInput: 102, mcsOutput_1004: 18, deviceRedirection: 27, deviceRedirectionServer: 18, mcsInput_1004: 18, deviceRedirectionClient: 9, mcsOutput_1006: 55, virtualChannel: 85, virtualChannelOutput: 85, mcsInput_1006: 87, virtualChannelInput: 91, mcsOutput_1007: 4, clipboard: 7, clipboardServer: 4, mcsInput_1007: 3, clipboardClient: 3, clipboardCopies: 1, deviceRedirectionIORequest: 1, mcsOutput_1005: 30, mcsInput_1005: 4, totalInput: 344, totalOutput: 372, clientServerRatio: 0.9247311827956989

It took 10 seconds before I got prompted for the certificate error.

What are you using as a client and destination (OS version and x64/x86)?

@obilodeau
Collaborator

I attempted to profile the 10 seconds lag and I can no longer reproduce. I think it was a one-off thing caused by my client VM having multiple network cards (tun, vpn, loopback) and me not waiting long enough for it to be ready for work.

@PersonaN0nGrata
Author

PersonaN0nGrata commented Nov 26, 2019

I am pretty sure my issue here is the Windows machine for some reason. It looks like when someone has been on the Windows machine and not exited correctly it gets "locked" and then the MITM can't forward to it or something. Then I have to log on to the Windows machine, and then correctly log out again, and then the MITM can forward traffic to it again :S

Just tried a fresh Win7 install and it's the same issue

image

@PersonaN0nGrata
Author

This happened because the windows machine went on standby, without me being able to see it.
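
The thread ends with the target machine having gone into standby while PyRDP kept accepting clients. As an added example (not from the thread and not PyRDP's own code), the script below groups PyRDP log lines by session ID and flags sessions that closed with no "Server connected" line and zero traffic in the connection report. Treating that combination as "target unreachable" is an assumption drawn from the logs above; the function name, session IDs and sample lines are constructed.

```python
import re

# Log line layout seen in this thread: [timestamp] - LEVEL - SessionId - logger - message
LINE = re.compile(r"^\[[^\]]+\] - (?P<level>\w+) - (?P<sid>\w+) - [\w.]+ - (?P<msg>.*)$")
REPORT = "Connection report: "


def triage(log_text: str) -> dict:
    """Map each session ID that has a connection report to a verdict."""
    sessions = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # traceback frames, CLIENT_RANDOM lines, asyncio warnings
        s = sessions.setdefault(m["sid"], {"server": False, "report": None})
        msg = m["msg"]
        if msg.startswith("Server connected"):
            s["server"] = True
        elif msg.startswith(REPORT):
            pairs = msg[len(REPORT):].split(", ")
            s["report"] = dict(p.split(": ", 1) for p in pairs)
    verdicts = {}
    for sid, s in sessions.items():
        if s["report"] is None:
            continue  # session still open or log truncated
        idle = s["report"].get("totalInput") == "0" and s["report"].get("totalOutput") == "0"
        if idle and not s["server"]:
            verdicts[sid] = "target unreachable"  # assumption: heuristic, see lead-in
        elif idle:
            verdicts[sid] = "connected, no RDP traffic"
        else:
            verdicts[sid] = "ok"
    return verdicts

# Constructed sample modelled on the log lines in this thread (IDs and IPs are made up).
SAMPLE = """\
[2019-10-08 23:23:55,903] - INFO - Alice000001 - pyrdp.mitm.connections.tcp - New client connected from 198.51.100.7
[2019-10-08 23:24:24,533] - ERROR - Alice000001 - pyrdp.mitm.connections.tcp - 'NoneType' object has no attribute 'write'
Traceback (most recent call last):
[2019-10-08 23:24:24,547] - INFO - Alice000001 - pyrdp.mitm.connections.tcp - Connection report: report: 1.0, connectionTime: 28.6, totalInput: 0, totalOutput: 0
[2019-10-31 10:51:49,379] - INFO - Bob000002 - pyrdp.mitm.connections.tcp - New client connected from 198.51.100.8
[2019-10-31 10:51:49,381] - INFO - Bob000002 - pyrdp.mitm.connections.tcp - Server connected
[2019-10-31 10:52:38,586] - INFO - Bob000002 - pyrdp.mitm.connections.tcp - Connection report: report: 1.0, connectionTime: 49.2, totalInput: 0, totalOutput: 0
[2019-10-31 10:52:41,561] - INFO - Carol000003 - pyrdp.mitm.connections.tcp - New client connected from 198.51.100.8
[2019-10-31 10:52:41,563] - INFO - Carol000003 - pyrdp.mitm.connections.tcp - Server connected
[2019-10-31 10:53:09,181] - INFO - Carol000003 - pyrdp.mitm.connections.tcp - Connection report: report: 1.0, connectionTime: 27.6, totalInput: 344, totalOutput: 372
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```
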
