VNC connection brokering (RFB protocol server)

Question

Please consider the following scenario:

• VNC Client try to connect with a VNC Server which is behind a NAT.

• I have written a port forwarder in java which help me achieving above task, and it works fine.

• Now I need to, somehow, add a connection brokering functionality within this forwarder so that I can also intercept the communication between VNC Client – Server, and authenticate the VNC Client within the forwarding utility as well.

You may have guessed that actually I am using the password received from VNC Client for some authentication in my app. As the RFB Server can be implemented at application layer, I guess this interception is possible... VNCAuthentication (DES encryption/decryption) is used in all above communication. Upon successful authentication within the forwarding utility I shall just let the forwarding continue for that respective client, else I can close it (stop forwarding).

I have tried some implementation, also tried customizing a java implementation of rfb server... but still not able to get there. It will take some time, I know, but need to confirm if I am thinking straight.

Please let me know if the implementation of above scenario is ambiguous, not possible, or illegitimate and if this is possible, let me have some guild lines...

Answer 1

This seems like a good implementation. Think of it like a VNC proxy, just like an HTTP(S) proxy. There are also HTTP authenticating proxies. You're implementing part of the VNC protocol to create an authenticating VNC proxy.

Maybe you can get some inspiration from VNCProxy, an existing Java VNC proxy.