[GUACAMOLE-880] Obfuscation of guacamole client protocol - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Wish
Status: Closed
Priority: Major
Resolution: Won't Do
Affects Version/s: None
Fix Version/s: None
Component/s: guacamole-client, guacamole-server
Labels:
- security

Description

One of the reasons we deploy guacamole is to limit data leakage possibilities. We recently had a audit on our infrastructure and it was shown that it was quite easy to leak out data through the guacamole protocol by creating special images inside the desktop and then using mitmproxy (python) and the guacamole python modules to capture the data inside those images.

In order to limit the attack surface we would like to have obfuscation of the protocol if configured to do so. Of course this could be done by implementing a custom protocol, but it would be nice if Guacamole would have the facilities (hooks) to do this. One could think of allowing a custom function to encrypt/obfuscate the outgoing stream and attach into the javascript that decrypts the stream.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Bolke de Bruin

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 15/Sep/19 13:25

Updated:: 28/Jan/20 06:55

Resolved:: 27/Jan/20 22:32