Uploaded image for project: 'Guacamole'
  1. Guacamole
  2. GUACAMOLE-880

Obfuscation of guacamole client protocol

VotersWatch issueWatchersLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

      Description

      One of the reasons we deploy guacamole is to limit data leakage possibilities. We recently had a audit on our infrastructure and it was shown that it was quite easy to leak out data through the guacamole protocol by creating special images inside the desktop and then using mitmproxy (python) and the guacamole python modules to capture the data inside those images.

      In order to limit the attack surface we would like to have obfuscation of the protocol if configured to do so. Of course this could be done by implementing a custom protocol, but it would be nice if Guacamole would have the facilities (hooks) to do this. One could think of allowing a custom function to encrypt/obfuscate the outgoing stream and attach into the javascript that decrypts the stream.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              bolke Bolke de Bruin

              Dates

              • Created:
                Updated:
                Resolved:

                Issue deployment