Xplico

We are pleased to announce the DEFT Linux 7 and the new release of Xplico.

Xplico 0.7.1 fixes some bugs:

• RTP bug fixed
• dispatcher core functionality bug fixed
• mfile manipulator bug fixed
• XI bugs fixed
• added DB migration tool

We are working to 1.0.0 version and you can try it here.

If you are a fun of Xplico, please vote for it 2011 Toolsmith Tool of the Year.

Enjoy!

Thanks to Larry Rogers the new release of Xplico can be downloaded from the CERT Linux Forensics Tools Repository. The RPM are available for Fedora 16, 15, 14 and 13.
The announcement says:

xplico-0.7.1-1.{fc13,fc14,fc15,fc16}.{i386,x86_64}.rpm – xplico is an Internet traffic decoder. See the Xplico website for the list of changes in this version. Note that RHEL/CentOS is not supported due to a lack of Python Version 3 support.

Enjoy!

This version introduces improvement on Webmail sniffing/decoding and the language localization.

Changelog:

• upgraded the XI to Cakephp 1.3
• added the ICMPv6 dissector
• Ethernet dissector improved (for ICMPv6)
• one of two Xplico’s deadlock is solved
• fixed the communication bug between xplico and the manipulators
• SDP dissector bug fixed
• SIP and TCP dissectors improved
• WebMail manipulator and all Python3 scripts improved (ready to new webmail entry… see pol )
• added pcap file name on CLI report
• capture modules log improved
• new GeoIP version: 1.4.8
• added IPv6 Hop-by-Hop options
• Xplico and all Manipulators with dual stack (IPv4, IPv6)
• XI language localization (each fix is ​​well come): Arabic, Chinese, German, English, French, Hindi, Italian, Japanese, Portuguese, Russian, Spanish, Turkish
• DNS bug fixed
• added the MDNS dissector
• added AOL WebMail
• added Yahoo! WebMail
• added Yahoo! Mail for Andorid Mobile
• added Gmail

We thank:

• briaeros007 (member of the forum) for his test about IPv6 functionality on Xplico’s applications
• James Fisher, he has found and fixed a bug in the HTTP dissector

Enjoy Xplico!

Lawrence R. Rogers has built and released Xplico 0.6.3 for Fedora 11, 12, 13, 14, 15 and CentOS/RHEL . You can find it at the CERT Linux Forensics Tools Repository.
Carlos Gacimartín has built the VirtualBox image with Xplico 0.6.3. You can find it here.

In this release:

• 32 and 64 bit
• new decoding manager (DeMa): version 0.3.1
• mfile manipulator (HTTP file transfer) bug fixes
• WebMail scripts improved
• HTTP dissector improved
• XI: upgraded the javascript libraries

Enjoy !

This version introduces l7-patterns classifier for all flows not decoded, also there is the improvement of the real time acquisition, new features for the XI (Xplico Interface) and many bugs fixes.

ChangeLog:

• l7-patterns for all flows/protocols not decoded by xplico
• Xplico Interface (XI) improved
• python3 porting of many scripts
• realtime capture module improved
• facebook chat realtime view
• UTC/localtime bug fixes
• l2tp dissector bug fixes
• cli and lite dispatchers bug fixes
• telnet dissector bug fixes
• trigcap bug fixes
• new script named session_mng.pyc to facilitate the creation of new case and/or new session from command line

We thank naif for his support and his availability.

The decoding performance are:

• from command line: 5.9 MB/s
• from Xplico Interface (XI) with SQLite DB (=> lite dispatcher): 1.76 MB/s
• from Xplico Interface with MySQL DB (=> ximysql dispatcher): 4.09 MB/s

measured on an Aspire 5633WLMi (Intel Core 2 Duo processor T5500 with 1GB RAM an HD IDE controller) with the pcap http://domex.nps.edu/corp/scenarios/2009-m57/net/day11-18.dmp.zip (851 MB).

As always: Enjoy !

In this version new dissectors, new features and obviously many bugfix:

• Paltalk chat dissector
• MSN dissector (beta basic version)
• XI Cookie hijacking
• XI pagination for Images and Web
• XI XSS fixed
• XI bugfix

We thank:

• Tim Hentenaa for his Paltalk reverse engineering
• Steve-William KISSI to have found various XSS
• Daniele Franchetto for MSN dissector
• Michele Dallachiesa for cookietools

You can found Xplico 0.6.1 in DEFT Linux 6 and you can download VirtualBox.org image, source code and Ubuntu 10.10 package here.

Enjoy

Larry Rogers has built and tested Xplico version 0.6.0 for the CERT.
The rpm package is available for Fedora 11-14 from CERT Forensics Appliance repository.

More info and for all comments please see here.

Thank to Larry Rogers.

At SourceForge there is a VirtualBox.org image of Debian 5.0 with Xplico 0.6.0 installed and running.

Click here to download it.

Thanks to Carlos Gacimartín.

In this version there are bugfix, dissectors improvements and new features:

• XI configuration pages
• XI administator pages
• XI multi-user
• IRC dissector
• ARP/RAP dissector
• radiotap dissector
• GeoMap latitude and longitude selectable from XI
• CLI decoding directory (xdecode) selectable
• Telent dissector with PIPI
• Paltalk Express dissector and aggregator (basic version)
• sftp/scp pcap files upload

Any feedback is welcome.

You can download source code and Ubuntu 10.04 package here.

Enjoy .