Index out of range during protocol negotiation when using host name

[tfriesen]

Win X client, Server 2008 R2 server.

Interestingly, if I use the IP instead of the domain name, I get issue #17 instead. On rare occasions, this will 'work', and I get issue #17 again.

(With debug:)

[] Spoofing arp replies...
[] Turning on IP forwarding...
[] Set iptables rules for SYN packets...
[] Waiting for a SYN packet to the original destination...
[+] Got it! Original destination is ****
[] Clone the x509 certificate of the original destination...
[] Adjust the iptables rule for all packets...
[*] Run RDP proxy...
Warning: The python3 module 'hexdump' is missing. Using hexlify instead.
Listening for new connection
Connection received from ****:34673
From client:

Listening for new connection
Exception in thread Thread-1:
Traceback (most recent call last):
File "/usr/lib/python3.6/threading.py", line 916, in _bootstrap_inner
self.run()
File "/root/src/Seth/seth/main.py", line 37, in run
self.handle_protocol_negotiation()
File "/root/src/Seth/seth/main.py", line 100, in handle_protocol_negotiation
self.save_vars({"RDP_PROTOCOL_OLD": data[-4]})
IndexError: index out of range

This would suggest that the socket read on line 98 is returning no data. Confirmed with a print(len(data)) check.

[AdrianVollmer]

If no data is returned, this means the peer has reset the connection. Maybe a pcap file of the connection could tell us more.