Xplico 1.2.2
Xplico 1.2.2 is now available.
ChangeLog:
- Migration from GeoIP to GeoIP2
- nDPI updated
- CakePHP 2.10.17
- Bugfix
Enjoy.
Xpico 1.2.1: Xplico vulnerability
Mehmet D. İNCE from invictuseurope.com discovered several vulnerability related to the Xplico software. He identified three different vulnerability, two classified as “Hight severity” and one as “Medium severity”. The number assigned for this vulnerability of Xplico is CVE-2017-16666. More details here.
Thanks to Mehmet’s detail report and the collaboration of Mehmet and of Doug Burks of Security Onion Solutions, vulnerabilities have been resolved.
This release fix these issues. It is recommended and exhorts to upgrade your Xplico installations.
Thanks again to Mehmet D. İNCE and to Doug Burks.
Gianluca Costa
Xplico 1.2.0
Xplico 1.2.0 is now available.
ChangeLog:
- Migration from PHP5 to PHP7
- CakePHP 2.8
- nDPI updated
- IMAP bug fix
- Bugfix: reported on Security Onion
Enjoy.
Xplico 1.1.2: CapAnalysis
As some of you might know CapAnalysis is open source. To analyze the pcap files CapAnalysis uses Xplico with some specific dissectors.
With this release of Xplico we complete the open source migration of CapAnalysis.
Everyone can use CapAnalysis not only by installing it but also by freely using it from the demo site. The demo gives the possibility to upload up to 20MB of PCAP files. No password is required and all data are deleted automatically at 00:00 UTC the day after the creation of dataset.
From the point of view of Xplico users this release doesn’t introduce new features.
The code can be found on GitHub.
Xplico 1.1.1
Xplico 1.1.0 is now available.
ChangeLog:
- nDPI updated
- MGCP dissector
- IMAP bug fixed
- WhatsApp dissector (it collects only one/two info)
- bug fixed
Enjoy.
Xplico 1.1.0
Xplico 1.1.0 is now available!
ChangeLog:
- Performance improved
- nDPI updated
- IRC bug fixed
- HTTP bug fixed
- VoIP (SIP, RTP) bug fixed
- FTP bug fixed
- changed the FaceBook DB tables
- Null/Loopback dissector
- Cisco HDLC dissector
- Libero.it and RossoAlice WebMail decoding
- Yahoo messenger, Web and Mobile (Beta version)
- Dig using file signatures (for unknown flows)
A special thanks to:
- Telecom Italia for its WebMail service Alice
- Italiaonline for its WebMail service Libero
- Yahoo for its Messenger (Web and for Android)
… thank you for not using encryption in the [users] communications.
Enjoy.
Xplico 1.0.1
Xplico 1.0.1 is now available!
ChangeLog:
- nDPI integration
- performace improved
- FTP dissector improved
- Added the prism dissector
- CLI execution bug fixed
- PCAP-over-IP SSL encryption
- IRC dissector improved
- File reconstruction from Fragmented Payloads improved
- FaceBook Chat updated
- FaceBook Message (partial)
- HTTP without initial packets (packets lost)
- RTP dissector improved
- PCAP2WAV, RTP2WAV interface added
Enjoy.
Ubuntu 12.04 and VirtualBox Image
The VirtualBox image of Xplico 1.0.0 can be downloaded here.
Xplico for Ubuntu 12.04 can be installed following the howto or it can be downloaded here.
We are developing the new version, some new features, like the use of nDPI library, may be tested with the Demo (Xplico in the cloud) . Any feedback is welcome.
Thanks to Carlos Gacimartín.
Enjoy.
net-sniff-ng the packet sniffing beast
In past we have written about net-sniff-ng and we have used it in tandem with Xplico.
In recent days Daniel Borkmann has released a new version of net-sniff-ng, in this new version there are many improvements and new feature. With the last version 0.5.6 net-sniff-ng can be used with Xplico without apply any patch.
So we recommend to all Xplico users to use the last version of net-sniff-ng.
To use net-sniff-ng as a network probe for Xplico on the ethernet interface eth0, with the pcap files in /opt/xplico/pol_1/sol_1 (ie first case and first session in the first case) and with an acquisition time interval of 300 seconds (5 minutes) the command to be use is:
sudo netsniff-ng -i eth0 –out /opt/xplico/pol_1/sol_1/new –silent –jumbo-support –interval 300
Enjoy with net-sniff-ng!
Xplico 1.0.0 Released
Xplico 1.0.0 is now available!
ChangeLog:
- SQLite dispatcher performance improved
- added the PPI dissector
- added the syslog dissector
- added “Bogus IP length” correction with checksum verification disabled
- new Facebook Chat dissector for the new Facebook chat protocol
- SIP dissector improved
- IMAP dissector improved and bugs fixed
- DNS dissector PIPI improved
- Yahoo Webmail bugs fixed
- Live/Hotmail WebMail Spanish version
- GeoMap improved
- PCap-over-IP
Xplico Repository (Ubuntu 11.04 or higher)
To install Xplico in your Ubuntu Server or in your Desktop now you can use the official Xplico repository. With four simple steps you can have Xplico running and updated.
sudo bash -c 'echo "deb http://repo.xplico.org/ $(lsb_release -s -c) main" >> /etc/apt/sources.list'
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 791C25CE
sudo apt-get update
sudo apt-get install xplico
Thanks
- Stack Overflow users.
- Erika Noerenberg for her analysis in the post “Brief overview of 4 NFATs”
- Victor Oppleman to suggest us to add PCap-over-IP
