Details
-
Wish
-
Status: Closed
-
Major
-
Resolution: Won't Do
-
None
-
None
Description
One of the reasons we deploy guacamole is to limit data leakage possibilities. We recently had a audit on our infrastructure and it was shown that it was quite easy to leak out data through the guacamole protocol by creating special images inside the desktop and then using mitmproxy (python) and the guacamole python modules to capture the data inside those images.
In order to limit the attack surface we would like to have obfuscation of the protocol if configured to do so. Of course this could be done by implementing a custom protocol, but it would be nice if Guacamole would have the facilities (hooks) to do this. One could think of allowing a custom function to encrypt/obfuscate the outgoing stream and attach into the javascript that decrypts the stream.