Xplico 0.6.2: l7-patterns
This version introduces l7-patterns classifier for all flows not decoded, also there is the improvement of the real time acquisition, new features for the XI (Xplico Interface) and many bugs fixes.
ChangeLog:
- l7-patterns for all flows/protocols not decoded by xplico
- Xplico Interface (XI) improved
- python3 porting of many scripts
- realtime capture module improved
- facebook chat realtime view
- UTC/localtime bug fixes
- l2tp dissector bug fixes
- cli and lite dispatchers bug fixes
- telnet dissector bug fixes
- trigcap bug fixes
- new script named session_mng.pyc to facilitate the creation of new case and/or new session from command line
We thank naif for his support and his availability.
The decoding performance are:
- from command line: 5.9 MB/s
- from Xplico Interface (XI) with SQLite DB (=> lite dispatcher): 1.76 MB/s
- from Xplico Interface with MySQL DB (=> ximysql dispatcher): 4.09 MB/s
measured on an Aspire 5633WLMi (Intel Core 2 Duo processor T5500 with 1GB RAM an HD IDE controller) with the pcap http://domex.nps.edu/corp/scenarios/2009-m57/net/day11-18.dmp.zip (851 MB).
As always: Enjoy !
Xplico 0.6.1: MSN and Paltalk
In this version new dissectors, new features and obviously many bugfix:
- Paltalk chat dissector
- MSN dissector (beta basic version)
- XI Cookie hijacking
- XI pagination for Images and Web
- XI XSS fixed
- XI bugfix
We thank:
- Tim Hentenaa for his Paltalk reverse engineering
- Steve-William KISSI to have found various XSS
- Daniele Franchetto for MSN dissector
- Michele Dallachiesa for cookietools
You can found Xplico 0.6.1 in DEFT Linux 6 and you can download VirtualBox.org image, source code and Ubuntu 10.10 package here.
Enjoy 😉
Xplico 0.6.0 for Fedora 11-14 by CERT
Larry Rogers has built and tested Xplico version 0.6.0 for the CERT.
The rpm package is available for Fedora 11-14 from CERT Forensics Appliance repository.
More info and for all comments please see here.
Thank to Larry Rogers.
VirtualBox Image 0.6.0
At SourceForge there is a VirtualBox.org image of Debian 5.0 with Xplico 0.6.0 installed and running.
Click here to download it.
Thanks to Carlos GacimartÃn.
Xplico 0.6.0: IRC and Paltalk Express
In this version there are bugfix, dissectors improvements and new features:
- XI configuration pages
- XI administator pages
- XI multi-user
- IRC dissector
- ARP/RAP dissector
- radiotap dissector
- GeoMap latitude and longitude selectable from XI
- CLI decoding directory (xdecode) selectable
- Telent dissector with PIPI
- Paltalk Express dissector and aggregator (basic version)
- sftp/scp pcap files upload
Any feedback is welcome.
You can download source code and Ubuntu 10.04 package here.
Enjoy ;).
Xplico version 0.5.8: Improvements and bug fix
This version brings some improvements and fixes some bugs too serious.
- RTP, FTP, Telnet, SIP dissectors improvements
- RTP bug fix
- Xplico Interface XSS Vulnerability fixed
- Xplico Interface updated to CakePHP 1.2.7
- new tool named trigcap to manage pcap
- new version (0.63) of videosnarf
We thank:
- Maximiliano Soler from Security-Database and Marcos Garcia from Zero Science Lab for finding the vulnerability (XSS) and for helping us.
- Alex Antão for having supported us in finding a bug in RTP
You can download VirtualBox.org image, source code and Ubuntu 10.04 package here.
Enjoy ;).
VirtualBox Image 0.5.7
At SourceForge there is a VirtualBox.org image of Debian 5.0 with Xplico 0.5.7 installed and running.
Click here to download it.
Thanks to Carlos GacimartÃn.
Xplico version 0.5.6: VoIP (SIP & RTP)
In this version there are new and important features:
- HTTP reconstruction file. ie: files downloaded with tools like DownThemAll
- undecodec UDP and TCP “stream” with textual content
- RTP dissector
- SIP dissector
- SDP dissector
- Improved XI
- many bugfix
This version of the SIP and RTP dissectors is not optimal. The (media) contents currently decoded have the following characteristics (limitations) :
- only audio
- audio codec: G711ulaw, G711alaw, G722, G729, G723 and G726
- only static RTP payload type
We have to thank:
- Michele Dallachiesa, for his wonderful tool rtpbreak and for his papers on VoIP protocols
- UCSniff Team for their tool VideoSnarf
- Carlos GacimartÃn, for his help and for Virtualbox Image
- Massimiliano Dal Cero for his help with flash application
- all forum users for their debug
You can download VirtualBox.org image, source code and Ubuntu 9.10 package here.
Enjoy ;).
Xplico version 0.5.5: WebMail
In this version:
- migrating to SQLite3
- telnet dissector
- webmail dissector
- webmail manipulator: Yahoo!, AOL, Hotmail (all without attachments)
- Improved LLC dissector
- Improved XI
- script to check new release (only in source code)
Hotmail (Live) depends on the language. Currently the languages supported are Italian and English.
Any feedback are welcome: forum.
You can download VirtualBox image, source code and Ubuntu 9.10 package here.
Xplico version 0.5.4: Facebook Chat
This version of Xplico introduce new and important features:
- Facebook web chat dissector
- New XI based on CakePHP 1.2.5
- New representation of images
- For each image you can see (with the proxy enabled) the page where the image is contained
- WLAN and LLC basic dissectors
- HTTP dissector Improvements
You can download source code, Ubuntu 9.10 package and VirtualBox.org image here.
