DEFT4 has arrived! In this release, there are many new features.
The new features of Xplico in DEFT4 are:
- console-mode Xplico execution
- acquisition and processing in realtime (in console-mode)
- access to every HTTP message. You can examine:
  - request header and body
  - response header and body
  - as a result, the request body of a POST can be viewed
- Internet Printing Protocol (IPP) and Printer Job Language (PJL) dissectors. With these dissectors you can view, in PDF format, the pages printed on printers that use the PCL5E, PCL5C, and PCL6 formats (for example HP LaserJet 2300dn, HP LaserJet 4). Other formats (e.g. Zenographics ZJ-stream) are in development
- viewing any video carried over HTTP with content-type “video/flv” extracted from a pcap file (e.g. YouTube video)
- browsing all images transported in HTTP
- improved display of Web pages extracted from a pcap file
Remember to run xplico–start from the Terminal and then launch Firefox with URL: http://localhost
At present, Xplico cannot cope with sniffer evasion tools that manipulate the IP TTL (Time To Live). In version 0.6, Xplico will no longer be affected by this type of attack.
A good sniffer evasion tool is SniffJoke. SniffJoke prevents Xplico from reconstructing the traffic … and not only Xplico 😉.