Open Source Network Forensic Analysis Tool (NFAT) 


Xplico 0.6.1: MSN and Paltalk

This version brings new dissectors, new features and, obviously, many bug fixes:

  • Paltalk chat dissector
  • MSN dissector (beta basic version)
  • XI Cookie hijacking
  • XI pagination for Images and Web
  • XI XSS fixed
  • XI bug fixes

We thank:

You can find Xplico 0.6.1 in DEFT Linux 6, and you can download the VirtualBox.org image, source code and Ubuntu 10.10 package here.

Enjoy 😉

Xplico 0.6.0 for Fedora 11-14 by CERT

Larry Rogers has built and tested Xplico version 0.6.0 for the CERT.
The rpm package is available for Fedora 11-14 from CERT Forensics Appliance repository.

For more information and for any comments, please see here.

Thanks to Larry Rogers.

VirtualBox Image 0.6.0

At SourceForge there is a VirtualBox.org image of Debian 5.0 with Xplico 0.6.0 installed and running.

Click here to download it.

Thanks to Carlos Gacimartín.

Xplico 0.6.0: IRC and Paltalk Express

This version contains bug fixes, dissector improvements and new features:

  • XI configuration pages
  • XI administrator pages
  • XI multi-user
  • IRC dissector
  • ARP/RAP dissector
  • radiotap dissector
  • GeoMap latitude and longitude selectable from XI
  • CLI decoding directory (xdecode) selectable
  • Telnet dissector with PIPI
  • Paltalk Express dissector and aggregator (basic version)
  • sftp/scp pcap files upload

Any feedback is welcome.

You can download source code and Ubuntu 10.04 package here.

Enjoy ;).

Xplico version 0.5.8: Improvements and bug fix

This version brings some improvements and also fixes some serious bugs.

  • RTP, FTP, Telnet, SIP dissectors improvements
  • RTP bug fix
  • Xplico Interface XSS Vulnerability fixed
  • Xplico Interface updated to CakePHP 1.2.7
  • new tool named trigcap to manage pcap
  • new version (0.63) of videosnarf

We thank:

  • Maximiliano Soler from Security-Database and Marcos Garcia from Zero Science Lab for finding the vulnerability (XSS) and for helping us.
  • Alex Antão for having supported us in finding a bug in RTP

You can download VirtualBox.org image, source code and Ubuntu 10.04 package here.

Enjoy ;).

VirtualBox Image 0.5.7

At SourceForge there is a VirtualBox.org image of Debian 5.0 with Xplico 0.5.7 installed and running.

Click here to download it.

Thanks to Carlos Gacimartín.

Xplico version 0.5.6: VoIP (SIP & RTP)

In this version there are new and important features:

  • HTTP file reconstruction, i.e. files downloaded with tools like DownThemAll
  • undecoded UDP and TCP “streams” with textual content
  • RTP dissector
  • SIP dissector
  • SDP dissector
  • Improved XI
  • many bug fixes

This version of the SIP and RTP dissectors is not optimal. The (media) contents currently decoded have the following characteristics (limitations):

  • only audio
  • audio codec: G711ulaw, G711alaw, G722, G729, G723 and G726
  • only static RTP payload type

We have to thank:

You can download VirtualBox.org image, source code and Ubuntu 9.10 package here.

Enjoy ;).

Xplico version 0.5.5: WebMail

In this version:

  • migrating to SQLite3
  • telnet dissector
  • webmail dissector
  • webmail manipulator: Yahoo!, AOL, Hotmail (all without attachments)
  • Improved LLC dissector
  • Improved XI
  • script to check new release (only in source code)

Hotmail (Live) depends on the language. Currently the languages supported are Italian and English.
Any feedback is welcome: forum.

You can download VirtualBox image, source code and Ubuntu 9.10 package here.

Xplico version 0.5.4: Facebook Chat

This version of Xplico introduces new and important features:

  • Facebook web chat dissector
  • New XI based on CakePHP 1.2.5
  • New representation of images
  • For each image you can see (with the proxy enabled) the page where the image is contained
  • WLAN and LLC basic dissectors
  • HTTP dissector Improvements

You can download source code, Ubuntu 9.10 package and VirtualBox.org image here.

Xplico version 0.5.3 and DEFT Vx5

You can find this release in the DEFT Vx5 Linux distribution.
You can download source code, Ubuntu 9.10 package and VirtualBox.org image here.

This version of Xplico introduces many new features:

  • snoop Packet Capture File Format as input file
  • DNS dissector with graphical representation in Xplico Interface (XI)
  • NNTP dissector
  • PPPOE dissector
  • direct live acquisition from XI
  • new dispatcher named CLI: this dispatcher organizes the extracted data in a tree like this:

    xdecode/<ip_src_1>/http
    xdecode/<ip_src_1>/mail/
    xdecode/<ip_src_1>/nntp
    xdecode/<ip_src_1>/ftp
    xdecode/<ip_src_1>/...
    xdecode/<ip_src_2>/http
    xdecode/<ip_src_2>/mail/
    xdecode/<ip_src_2>/nntp
    xdecode/<ip_src_2>/ftp
    xdecode/<ip_src_2>/...
  • default CLI dispatcher in command line execution
  • file extension for the HTTP contents

We have to thank:

Enjoy ;).