I had in mind to use PyRDP as a High interaction Honeypot. Running the app with docker, i realized that no matter the Source IP, the logged IP is always the docker NATted ip (172.17.0.1). I would like to keep the source IP address to log it, may it be poissible with a docker network or with some modifications ?
docker run -p 10.10.0.163:3389:3389 --network bridge --user root gosecure/pyrdp:devel-slim pyrdp-mitm 10.10.0.175:3000
[2024-07-30 08:24:52,859] - INFO - GLOBAL - pyrdp.mitm - Target: 10.10.0.175:3000
[2024-07-30 08:24:52,859] - INFO - GLOBAL - pyrdp.mitm - Output directory: /home/pyrdp/pyrdp_output
[2024-07-30 08:24:52,861] - INFO - GLOBAL - pyrdp.mitm.connections - MITM Server listening on 0.0.0.0:3389
[2024-07-30 08:26:13,034] - INFO - romantic_aryabhata_5364781 - pyrdp.mitm.connections.tcp - New client connected from 172.17.0.1:58294
I had in mind to use PyRDP as a High interaction Honeypot. Running the app with docker, i realized that no matter the Source IP, the logged IP is always the docker NATted ip (172.17.0.1). I would like to keep the source IP address to log it, may it be poissible with a docker network or with some modifications ?