Thank you Mike, this looks like it's a bit out of my league. Is there someone you can recommend that I can hire to develop this feature ?
Regards, Dejan ________________________________ From: Michael Jumper <[email protected]> Sent: 06 December 2022 00:51 To: [email protected] <[email protected]> Subject: Re: Shared connection input passthrough I think you'd be better off writing an extension that decorates the Connection objects returned by other extensions: https://guacamole.apache.org/doc/guacamole-ext/org/apache/guacamole/net/auth/AbstractAuthenticationProvider.html#decorate(org.apache.guacamole.net.auth.UserContext,org.apache.guacamole.net.auth.AuthenticatedUser,org.apache.guacamole.net.auth.Credentials) After decorating the UserContext of another extension, you can further decorate the Directory<Connection> returned by getConnectionDirectory(). The DecoratingDirectory class is intended to make this easier: https://guacamole.apache.org/doc/guacamole-ext/org/apache/guacamole/net/auth/DecoratingDirectory.html You can then decorate (wrap) any Connection returned by that Directory with your own implementation that does whatever it likes. In this case, you'd wrap the GuacamoleTunnel returned by connect() and inspect the instructions received. The FilteredGuacamoleSocket class would be the best candidate for that kind of checking: https://guacamole.apache.org/doc/guacamole-common/org/apache/guacamole/protocol/FilteredGuacamoleSocket.html That class lets you provide filters that can inspect, drop, or override instructions that are sent or received. - Mike On Fri, Dec 2, 2022 at 1:35 AM Dejan Milovanovic <[email protected]<mailto:[email protected]>> wrote: Hi Nick, thank you for the response. I did manage to record guac protocol to a file, but that removes the "real-time" factor of the analysis. You've mentioned recording guacd protocol to socket, I haven't seen an example of that online. What would I have to do to achieve this? Do I need to make some changes to guacd code, or is there some configuration magic that I don't know of? Kind regards, Dejan ________________________________ From: Nick Couchman <[email protected]<mailto:[email protected]>> Sent: 01 December 2022 19:32 To: [email protected]<mailto:[email protected]> <[email protected]<mailto:[email protected]>> Subject: Re: Shared connection input passthrough On Thu, Dec 1, 2022 at 4:52 AM Dejan Milovanovic <[email protected]<mailto:[email protected]>> wrote: > > Hi all, > > I'm using guacamole to provide users with access to remote windows machines, > and I'm trying to analyse user's actions on these machines in real-time. > > What I tried to do is generate shared connection and listen for guacamole > protocol messages on that shared connection. This works great, but the issue > I have with this approach is that keyboard and mouse actions are not > transmitted on the shared connection socket. > > Is there a way to have these missing messages in the shared connection ? > Or is there another way of observing users tunnel without disturbing their > RDP session? No, I do not think what you're asking to do is going to work, because the input from a share connection is not sent to all of the users, nor is there any particular way to enable that at the moment. The non-owner participants in a connection are usually only going to get the image data that is sent from guacd back to any joined connections. It is likely possible to implement what you're asking for - it's essentially what enabling recording does, which just writes the guac protocol data to a file. Have you considered trying to record to a file (or, perhaps, a socket) and then pointing your analysis tool at that, instead? Beyond that, you'd probably need some code changes to guacd to do what you're wanting to do. -Nick --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected]<mailto:[email protected]> For additional commands, e-mail: [email protected]<mailto:[email protected]>
