Shared connection input passthrough

[Dejan Milovanovic <de...@mylivezone.com>]

Hi all,

I'm using guacamole to provide users with access to remote windows machines, and I'm trying to analyse user's actions on these machines in real-time.

What I tried to do is generate shared connection and listen for guacamole protocol messages on that shared connection. This works great, but the issue I have with this approach is that keyboard and mouse actions are not transmitted on the shared connection socket.

Is there a way to have these missing messages in the shared connection ?
Or is there another way of observing users tunnel without disturbing their RDP session?

I'm using JSON authentication/data source to generate these connections.

Thanks,
Dejan

Re: Shared connection input passthrough

[Dejan Milovanovic <de...@mylivezone.com>]

Thank you Mike, this looks like it's a bit out of my league. Is there someone you can recommend that I can hire to develop this feature ?

Regards,
Dejan
________________________________
From: Michael Jumper <mj...@apache.org>
Sent: 06 December 2022 00:51
To: user@guacamole.apache.org <us...@guacamole.apache.org>
Subject: Re: Shared connection input passthrough

I think you'd be better off writing an extension that decorates the Connection objects returned by other extensions:

https://guacamole.apache.org/doc/guacamole-ext/org/apache/guacamole/net/auth/AbstractAuthenticationProvider.html#decorate(org.apache.guacamole.net.auth.UserContext,org.apache.guacamole.net.auth.AuthenticatedUser,org.apache.guacamole.net.auth.Credentials)

After decorating the UserContext of another extension, you can further decorate the Directory<Connection> returned by getConnectionDirectory(). The DecoratingDirectory class is intended to make this easier:

https://guacamole.apache.org/doc/guacamole-ext/org/apache/guacamole/net/auth/DecoratingDirectory.html

You can then decorate (wrap) any Connection returned by that Directory with your own implementation that does whatever it likes. In this case, you'd wrap the GuacamoleTunnel returned by connect() and inspect the instructions received. The FilteredGuacamoleSocket class would be the best candidate for that kind of checking:

https://guacamole.apache.org/doc/guacamole-common/org/apache/guacamole/protocol/FilteredGuacamoleSocket.html

That class lets you provide filters that can inspect, drop, or override instructions that are sent or received.

- Mike

On Fri, Dec 2, 2022 at 1:35 AM Dejan Milovanovic <de...@mylivezone.com>> wrote:
Hi Nick,

thank you for the response.

I did manage to record guac protocol to a file, but that removes the "real-time" factor of the analysis.

You've mentioned recording guacd protocol to socket, I haven't seen an example of that online. What would I have to do to achieve this?
Do I need to make some changes to guacd code, or is there some configuration magic that I don't know of?

Kind regards,
Dejan
________________________________
From: Nick Couchman <vn...@apache.org>>
Sent: 01 December 2022 19:32
To: user@guacamole.apache.org<ma...@guacamole.apache.org> <us...@guacamole.apache.org>>
Subject: Re: Shared connection input passthrough

On Thu, Dec 1, 2022 at 4:52 AM Dejan Milovanovic
<de...@mylivezone.com>> wrote:
>
> Hi all,
>
> I'm using guacamole to provide users with access to remote windows machines, and I'm trying to analyse user's actions on these machines in real-time.
>
> What I tried to do is generate shared connection and listen for guacamole protocol messages on that shared connection. This works great, but the issue I have with this approach is that keyboard and mouse actions are not transmitted on the shared connection socket.
>
> Is there a way to have these missing messages in the shared connection ?
> Or is there another way of observing users tunnel without disturbing their RDP session?

No, I do not think what you're asking to do is going to work, because
the input from a share connection is not sent to all of the users, nor
is there any particular way to enable that at the moment. The
non-owner participants in a connection are usually only going to get
the image data that is sent from guacd back to any joined connections.

It is likely possible to implement what you're asking for - it's
essentially what enabling recording does, which just writes the guac
protocol data to a file. Have you considered trying to record to a
file (or, perhaps, a socket) and then pointing your analysis tool at
that, instead? Beyond that, you'd probably need some code changes to
guacd to do what you're wanting to do.

-Nick

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org<ma...@guacamole.apache.org>
For additional commands, e-mail: user-help@guacamole.apache.org<ma...@guacamole.apache.org>

Re: Shared connection input passthrough

[Michael Jumper <mj...@apache.org>]

I think you'd be better off writing an extension that decorates the
Connection objects returned by other extensions:

https://guacamole.apache.org/doc/guacamole-ext/org/apache/guacamole/net/auth/AbstractAuthenticationProvider.html#decorate(org.apache.guacamole.net.auth.UserContext,org.apache.guacamole.net.auth.AuthenticatedUser,org.apache.guacamole.net.auth.Credentials)

After decorating the UserContext of another extension, you can further
decorate the Directory<Connection> returned by getConnectionDirectory().
The DecoratingDirectory class is intended to make this easier:

https://guacamole.apache.org/doc/guacamole-ext/org/apache/guacamole/net/auth/DecoratingDirectory.html

You can then decorate (wrap) any Connection returned by that Directory with
your own implementation that does whatever it likes. In this case, you'd
wrap the GuacamoleTunnel returned by connect() and inspect the instructions
received. The FilteredGuacamoleSocket class would be the best candidate for
that kind of checking:

https://guacamole.apache.org/doc/guacamole-common/org/apache/guacamole/protocol/FilteredGuacamoleSocket.html

That class lets you provide filters that can inspect, drop, or override
instructions that are sent or received.

- Mike

On Fri, Dec 2, 2022 at 1:35 AM Dejan Milovanovic <
dejan.milovanovic@mylivezone.com> wrote:

> Hi Nick,
>
> thank you for the response.
>
> I did manage to record guac protocol to a file, but that removes the
> "real-time" factor of the analysis.
>
> You've mentioned recording guacd protocol to socket, I haven't seen an
> example of that online. What would I have to do to achieve this?
> Do I need to make some changes to guacd code, or is there some
> configuration magic that I don't know of?
>
> Kind regards,
> Dejan
> ------------------------------
> *From:* Nick Couchman <vn...@apache.org>
> *Sent:* 01 December 2022 19:32
> *To:* user@guacamole.apache.org <us...@guacamole.apache.org>
> *Subject:* Re: Shared connection input passthrough
>
> On Thu, Dec 1, 2022 at 4:52 AM Dejan Milovanovic
> <de...@mylivezone.com> wrote:
> >
> > Hi all,
> >
> > I'm using guacamole to provide users with access to remote windows
> machines, and I'm trying to analyse user's actions on these machines in
> real-time.
> >
> > What I tried to do is generate shared connection and listen for
> guacamole protocol messages on that shared connection. This works great,
> but the issue I have with this approach is that keyboard and mouse actions
> are not transmitted on the shared connection socket.
> >
> > Is there a way to have these missing messages in the shared connection ?
> > Or is there another way of observing users tunnel without disturbing
> their RDP session?
>
> No, I do not think what you're asking to do is going to work, because
> the input from a share connection is not sent to all of the users, nor
> is there any particular way to enable that at the moment. The
> non-owner participants in a connection are usually only going to get
> the image data that is sent from guacd back to any joined connections.
>
> It is likely possible to implement what you're asking for - it's
> essentially what enabling recording does, which just writes the guac
> protocol data to a file. Have you considered trying to record to a
> file (or, perhaps, a socket) and then pointing your analysis tool at
> that, instead? Beyond that, you'd probably need some code changes to
> guacd to do what you're wanting to do.
>
> -Nick
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
> For additional commands, e-mail: user-help@guacamole.apache.org
>
>

Re: Shared connection input passthrough

[Dejan Milovanovic <de...@mylivezone.com>]

Hi Nick,

thank you for the response.

I did manage to record guac protocol to a file, but that removes the "real-time" factor of the analysis.

You've mentioned recording guacd protocol to socket, I haven't seen an example of that online. What would I have to do to achieve this?
Do I need to make some changes to guacd code, or is there some configuration magic that I don't know of?

Kind regards,
Dejan
________________________________
From: Nick Couchman <vn...@apache.org>
Sent: 01 December 2022 19:32
To: user@guacamole.apache.org <us...@guacamole.apache.org>
Subject: Re: Shared connection input passthrough

On Thu, Dec 1, 2022 at 4:52 AM Dejan Milovanovic
<de...@mylivezone.com> wrote:
>
> Hi all,
>
> I'm using guacamole to provide users with access to remote windows machines, and I'm trying to analyse user's actions on these machines in real-time.
>
> What I tried to do is generate shared connection and listen for guacamole protocol messages on that shared connection. This works great, but the issue I have with this approach is that keyboard and mouse actions are not transmitted on the shared connection socket.
>
> Is there a way to have these missing messages in the shared connection ?
> Or is there another way of observing users tunnel without disturbing their RDP session?

No, I do not think what you're asking to do is going to work, because
the input from a share connection is not sent to all of the users, nor
is there any particular way to enable that at the moment. The
non-owner participants in a connection are usually only going to get
the image data that is sent from guacd back to any joined connections.

It is likely possible to implement what you're asking for - it's
essentially what enabling recording does, which just writes the guac
protocol data to a file. Have you considered trying to record to a
file (or, perhaps, a socket) and then pointing your analysis tool at
that, instead? Beyond that, you'd probably need some code changes to
guacd to do what you're wanting to do.

-Nick

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org

Re: Shared connection input passthrough

[Nick Couchman <vn...@apache.org>]

On Thu, Dec 1, 2022 at 4:52 AM Dejan Milovanovic
<de...@mylivezone.com> wrote:
>
> Hi all,
>
> I'm using guacamole to provide users with access to remote windows machines, and I'm trying to analyse user's actions on these machines in real-time.
>
> What I tried to do is generate shared connection and listen for guacamole protocol messages on that shared connection. This works great, but the issue I have with this approach is that keyboard and mouse actions are not transmitted on the shared connection socket.
>
> Is there a way to have these missing messages in the shared connection ?
> Or is there another way of observing users tunnel without disturbing their RDP session?

No, I do not think what you're asking to do is going to work, because
the input from a share connection is not sent to all of the users, nor
is there any particular way to enable that at the moment. The
non-owner participants in a connection are usually only going to get
the image data that is sent from guacd back to any joined connections.

It is likely possible to implement what you're asking for - it's
essentially what enabling recording does, which just writes the guac
protocol data to a file. Have you considered trying to record to a
file (or, perhaps, a socket) and then pointing your analysis tool at
that, instead? Beyond that, you'd probably need some code changes to
guacd to do what you're wanting to do.

-Nick

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org