-
Notifications
You must be signed in to change notification settings - Fork 252
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
pyrdp player logs are different with/without headless #445
Comments
Seems like Replay is only returning 1 event, the first one |
I can't reproduce this from my setup and @robeving's fix puzzles me so I want to test it out. Can you provide the |
I can provide you an original decrypted PCAP if you like and the command lines I use with pyrdp-convert to get the result. Basically timestamp is always 0 when I do: The only thing unusual in my set up is that the pcap is constructed with a library coming out of our custom RDP load balancer. That being said it looks valid in wireshark and tshark is producing the decrypted pcap. |
Yes, getting a decrypted pcap would be great. Attach it here or send it to my username at gosecure.net. |
The fix proposed in #446 is not going to be accepted in its current form. It affects how all files are replayed (including via the GUI). Using an index instead of a timestamp affects the video reconstruction by stitching together all protocol actions (display, mouse, etc.) without delays or silence. If I could get my hands on a pcap to reproduce I might find another fix. I suspect that it could be fixed at the pyrdp-convert stage instead. |
You might want to check the fix merged in #466 if it improves your situation. The problem was: if several events had the same timestamp, we would bundle them together but the ReplayReader iterator would only process the first event of a given timestamp. Additionally, the length of the conversion to do was evaluated on timestamps rather than events so conversion jobs with events on the same timestamp would end sooner, making the conversion shorter than it should be. cc #446 |
I'm using the latest version of pyrdp
When I run:
venv/bin/pyrdp-player.py /mnt/d/rdpdebug/19700101000000_191.101.157.12%3A50217-10.0.13.101%3A3389.pyrdp
I get this log at the bottom of the screen
But when I run:
venv/bin/pyrdp-player.py --headless /mnt/d/rdpdebug/19700101000000_191.101.157.12%3A50217-10.0.13.101%3A3389.pyrdp
I get either this debug out file
or this from stdout
They should be the same
The text was updated successfully, but these errors were encountered: