Open Source Network Forensic Analysis Tool (NFAT) 

Twitter E-mail RSS

Gmail visualization from pcap capture

If you sniff, with tcpdump or other tools, all Gmail traffic (before login) and you give this capture to Xplico using Web interface, then you can view the emails of Gmail, even if you have not read the email (this is true only for the first emails on the list).
Obviously, before capture the Gmail traffic, you must clean the cache of Firefox to force the download of all contents, this to allow Xplico to rebuild all data.
The Web interface (PHP code) is necessary and it is also necessary:

  1. to use Firefox in the same machine where is Web interface (Apache)
  2. to enable proxy in Firefox  (HTTP porxy: localhost Port: 80).

You can use DEFT (v3x, v4, …) to test this feature.


Even Google Calendar can  be rebuilt with Xplico. In this screenshot you can view an example, obtained from the pcap file extracted from archive of  PyFlag project.

This feature is experimental and it is in development. Now the engine is written in PHP but we are developing an engine in C with many more features.