Xplico

January 7, 2009
Comments Off on SniffJoke 0.2
Note

SniffJoke 0.2

An example of the effectiveness of SniffJoke is given by this pcap. It is easy to verify that Wireshark and other tools reconstruct the data entering the traffic generated by SbiffJoke, making reconstruction wrong.
Try this pcap… with your best tool.

November 22, 2008
Comments Off on Source code
Improvements, Release

Source code

Released sources code of Xplico DEFT4 (see download).

November 22, 2008
Comments Off on DEFT 4 console-mode
DEFT

DEFT 4 console-mode

With DEFT4, without run X (deft-gui), you can capture and decode ethernet traffic in this way:
Read more…

November 15, 2008
Comments Off on DEFT 4
DEFT, News

DEFT 4

DEFT4 has arrived! In this release, there are many new features.
The novelty of Xplico in Def4 are:

console-mode Xplico execution
acquisition and processing in realtime (in console-mode)
access to every HTTP message. You can examine:
- request header and body
- response header and body
- Therefore it will be viewed the request body of the POST
Internet Printing Protocol (IPP) and Printer Job Language (PJL) dissectors. With these dissecors you can view, in PDF format, the pages printed with printers that use PCL5E, PCL5C, and PCL6 formats (for example HP LaserJet 2300dn, HP LaserJet 4). Other formats (ex: Zenographics ZJ-stream) are in development
viewing any video transited in HTTP with content-type “video/flv” extracted from pcap file (ex: YouTube video)
browsing all images transported in HTTP
improvement of displaying Web pages extracted from pcap file

Remember to run xplico–start from the Terminal and then launch Firefox with URL: http://localhost

November 9, 2008
Comments Off on New Site
News

New Site

… just to start

August 29, 2008
Comments Off on Sniffer evasion tool
Improvements

Sniffer evasion tool

Xplico at present is unable to avoid sniffer evasion tool handling TTL (IP Time To Live). In version 0.6, Xplico will no longer be affected by this type of attack.
A good sniffer evasion tool is SniffJoke. SniffJoke prevent Xplico to reconstruct the traffic … and not only to Xplico 😉 .

July 17, 2008
Comments Off on Internet Printing Protocol
Dissectors

Internet Printing Protocol

Completed IPP (Internet Printing Protocol) and PJL (Printer Job Language) dissectors. These dissectors convert the traffic network printers in pdf file format. Thanks to MT-Lab for the idea.
This pdf file is an example of reconstruciton (from Wireshark ipp.pcap).