Xplico version 0.5.5: WebMail
In this version:
- migrating to SQLite3
- telnet dissector
- webmail dissector
- webmail manipulator: Yahoo!, AOL, Hotmail (all without attachments)
- Improved LLC dissector
- Improved XI
- script to check new release (only in source code)
Hotmail (Live) depends on the language. Currently the languages supported are Italian and English.
Any feedback are welcome: forum.
You can download VirtualBox image, source code and Ubuntu 9.10 package here.
Xplico version 0.5.4: Facebook Chat
This version of Xplico introduce new and important features:
- Facebook web chat dissector
- New XI based on CakePHP 1.2.5
- New representation of images
- For each image you can see (with the proxy enabled) the page where the image is contained
- WLAN and LLC basic dissectors
- HTTP dissector Improvements
You can download source code, Ubuntu 9.10 package and VirtualBox.org image here.
Xplico version 0.5.3 and DEFT Vx5
You can find this release in DEFT Vx5 Linux distribution.
You can download source code, Ubuntu 9.10 package and VirtualBox.org image here.
This version of Xplico introduce many new features:
- snoop Packet Capture File Format as input file
- DNS dissector with graphical representation in Xplico Interface (XI)
- NNTP dissector
- PPPOE dissector
- direct live acquisition from XI
- new dispatcher named CLI: this dispatcher organize the data extracted in a tree as this:
xdecode/<ip_src_1>/http
xdecode/<ip_src_1>/mail/
xdecode/<ip_src_1>/nntp
xdecode/<ip_src_1>/ftp
xdecode/<ip_src_1>/...
xdecode/<ip_src_2>/http
xdecode/<ip_src_2>/mail/
xdecode/<ip_src_2>/nntp
xdecode/<ip_src_2>/ftp
xdecode/<ip_src_2>/...
- default CLI dispatcher in command line execution
- file extension for the HTTP contents
We have to thank:
- Carlos Gacimartín, for his help
- Doriano Azzena, for his support in debugging
- Matteo G.P. Flora for inspiration of DNS XI graphics
- Open Flash Chart team for their wonderful tool
- all forum users for their debug
Enjoy ;).
Xplico version 0.5.2
This version of Xplico and especially of Xplico Interface (web user interface) introduce many new features.
Xplico :
- dissectors: Ethernet, pcap, ipv4, ipv6, ppp, sll, tcp (2 type), udp, dns, ftp, http, icmp, imap, ipp, mms, pjl (Printer Job Language), pop, sdp, smtp, tftp, l2tp (instable), vlan (instable)
- reverse dns using only the DNS traffic in the PCAP file
- geographical and temporal map of the connections decoded (The local IP are mapped in Venezia)
- improvements of the regeneration of web pages.
Xplico Interface:
- new look (screenshot)
- summary of the data decoded
- source host selectablly
- visualization (with Wireshark) of all packets and flows that compose the content extracted/reconstructed
- usable from any PC on the network (see install)
- improvements email visualization, (downloadable attachments)
- feed list. Feed reader (RSS and Atom)
- MMS contents visualization
- improvement of research content
- improvements of the regeneration of web pages
Geographical map
By March there will be a new release of Xplico. This new release will have the geographical map of the reconstructions, and (perhaps) the dissector for Multimedia Messaging Service.
An example of geographical map can be found here.
IMAP version
This release introduce the IMAP dissector. With this dissector it is possible reconstruct the e.mails transported by IMAP protocol. The web interface it is the same of last version.
Any bug reports or suggestions are welcome.
You can find source code here.
Internet Printing Protocol
Completed IPP (Internet Printing Protocol) and PJL (Printer Job Language) dissectors. These dissectors convert the traffic network printers in pdf file format. Thanks to MT-Lab for the idea.
This pdf file is an example of reconstruciton (from Wireshark ipp.pcap).
