Open Source Network Forensic Analysis Tool (NFAT) 

Twitter E-mail RSS

Xplico 1.2.2

Photo taken by Julien Lagarde (Creative Commons (CC))

Xplico 1.2.2 is now available.


ChangeLog:

  • Migration from GeoIP to GeoIP2
  • nDPI updated
  • CakePHP 2.10.17
  • Bugfix

Enjoy.


Xpico 1.2.1: Xplico vulnerability

Mehmet D. İNCE from invictuseurope.com discovered several vulnerability related to the Xplico software. He identified three different vulnerability, two classified as “Hight severity” and one as “Medium severity”. The number assigned for this vulnerability of Xplico is CVE-2017-16666. More details here.
Thanks to Mehmet’s detail report and the collaboration of  Mehmet and of Doug Burks of Security Onion Solutions, vulnerabilities have been resolved.
This release fix these issues. It is recommended and exhorts to upgrade your Xplico installations.

Thanks again to Mehmet D. İNCE and to Doug Burks.
Gianluca Costa

Xplico 1.2.0

Xplico 1.2.0 is now available.

ChangeLog:

  • Migration from PHP5 to PHP7
  • CakePHP 2.8
  • nDPI updated
  • IMAP bug fix
  • Bugfix: reported on Security Onion

Enjoy.

Ubuntu 12.04 and VirtualBox Image

The VirtualBox image of Xplico 1.0.0 can be downloaded here.

Xplico for Ubuntu 12.04 can be installed following the howto or it can be downloaded here.

We are developing the new version, some new features, like the use of nDPI library, may be tested with the Demo (Xplico in the cloud) . Any feedback is welcome.

Thanks to Carlos Gacimartín.

Enjoy.

Xplico 1.0.0 Released

Xplico 1.0.0 is now available!

ChangeLog:

  • SQLite dispatcher performance improved
  • added the PPI dissector
  • added the syslog dissector
  • added “Bogus IP length” correction with checksum verification disabled
  • new Facebook Chat dissector for the new Facebook chat protocol
  • SIP dissector improved
  • IMAP dissector improved and bugs fixed
  • DNS dissector PIPI improved
  • Yahoo Webmail bugs fixed
  • Live/Hotmail WebMail Spanish version
  • GeoMap improved
  • PCap-over-IP

Xplico Repository (Ubuntu 11.04 or higher)

To install Xplico in your Ubuntu Server or in your Desktop now you can use the official Xplico repository. With four simple steps you can have Xplico running and updated.

sudo bash -c 'echo "deb http://repo.xplico.org/ $(lsb_release -s -c) main" >> /etc/apt/sources.list'
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 791C25CE
sudo apt-get update
sudo apt-get install xplico


Thanks

 

Xplico 0.7.1: DEFT Linux 7

We are pleased to announce the DEFT Linux 7 and the new release of Xplico.

Xplico 0.7.1 fixes some bugs:DEFT Linux 7

  • RTP bug fixed
  • dispatcher core functionality bug fixed
  • mfile manipulator bug fixed
  • XI bugs fixed
  • added DB migration tool

We are working to 1.0.0 version and you can try it here.

If you are a fun of Xplico, please vote for it 2011 Toolsmith Tool of the Year.

Enjoy!

CERT Linux Forensics Tools

Thanks to Larry Rogers the new release of Xplico can be downloaded from the CERT Linux Forensics Tools Repository. The RPM are available for Fedora 16, 15, 14 and 13.
The announcement says:

xplico-0.7.1-1.{fc13,fc14,fc15,fc16}.{i386,x86_64}.rpm – xplico is an Internet traffic decoder. See the Xplico website for the list of changes in this version. Note that RHEL/CentOS is not supported due to a lack of Python Version 3 support.

Enjoy!

Xplico 0.7.0: Gmail and language localization

This version introduces improvement on Webmail sniffing/decoding and the language localization.

The Earth seen from Apollo 17 (NASA)Changelog:

  • upgraded the XI to Cakephp 1.3
  • added the ICMPv6 dissector
  • Ethernet dissector improved (for ICMPv6)
  • one of two Xplico’s deadlock is solved
  • fixed the communication bug between xplico and the manipulators
  • SDP dissector bug fixed
  • SIP and TCP dissectors improved
  • WebMail manipulator and all Python3 scripts improved (ready to new webmail entry… see pol 😉 )
  • added pcap file name on CLI report
  • capture modules log improved
  • new GeoIP version: 1.4.8
  • added IPv6 Hop-by-Hop options
  • Xplico and all Manipulators with dual stack (IPv4, IPv6)
  • XI language localization (each fix is ​​well come): Arabic, Chinese, German, English, French, Hindi, Italian, Japanese, Portuguese, Russian, Spanish, Turkish
  • DNS bug fixed
  • added the MDNS dissector
  • added AOL WebMail
  • added Yahoo! WebMail
  • added Yahoo! Mail for Andorid Mobile
  • added Gmail

We thank:

  • briaeros007 (member of the forum) for his test about IPv6 functionality on Xplico’s applications
  • James Fisher, he has found and fixed a bug in the HTTP dissector

Enjoy Xplico!

Fedora 11-15, CentOS/RHEL repositories and VirtualBox

Lawrence R. Rogers has built and released Xplico 0.6.3 for Fedora 11, 12, 13, 14, 15 and CentOS/RHEL . You can find it at the CERT Linux Forensics Tools Repository.
Carlos Gacimartín has built the VirtualBox image with Xplico 0.6.3. You can find it here.

Xplico 0.6.3: 64Bit

In this release:

  • 32 and 64 bit
  • new decoding manager (DeMa): version 0.3.1
  • mfile manipulator (HTTP file transfer) bug fixes
  • WebMail scripts improved
  • HTTP dissector improved
  • XI: upgraded the javascript libraries

Enjoy !