Xplico

May 16, 2011
Comments Off on WebMail decoder… which do you prefer?
Improvements

WebMail decoder… which do you prefer?

We are adding new WebMail decoder to Xplico, but since there are a large number of WebMail on the web, we ask for your advice.

What are the WebMail to add to Xplico?

Google Mail: HTTP GMail (30%, 77 Votes)
Yahoo! Mobile (18%, 46 Votes)
GMX: www.gmx.net (Germany) (10%, 25 Votes)
Rouncube: roundcube.net (9%, 24 Votes)
163: www.163.com (China) (9%, 23 Votes)
Horde: www.horde.org (9%, 23 Votes)
Orange: webmail.orange.fr (France) (7%, 19 Votes)
Libero: www.libero.it (Italy) (3%, 8 Votes)
Rediff: www.rediff.com (India) (2%, 6 Votes)
MYNET: mynet.com (Turkey) (2%, 4 Votes)
TTNET: www.ttnet.com.tr (Turkey) (1%, 3 Votes)

Total Voters: 199

Loading ...

You can comment this post to add new webmail (not in the poll). In the comment specify:

The service name
WebMail URL
Nationality

We will add your proposal in the poll.

May 3, 2011
Comments Off on Xplico 0.6.2: l7-patterns
Binary, Dissectors, Improvements, News, Release, Visualization

Xplico 0.6.2: l7-patterns

This version introduces l7-patterns classifier for all flows not decoded, also there is the improvement of the real time acquisition, new features for the XI (Xplico Interface) and many bugs fixes.

ChangeLog:

l7-patterns for all flows/protocols not decoded by xplico
Xplico Interface (XI) improved
python3 porting of many scripts
realtime capture module improved
facebook chat realtime view
UTC/localtime bug fixes
l2tp dissector bug fixes
cli and lite dispatchers bug fixes
telnet dissector bug fixes
trigcap bug fixes
new script named session_mng.pyc to facilitate the creation of new case and/or new session from command line

We thank naif for his support and his availability.

The decoding performance are:

from command line: 5.9 MB/s
from Xplico Interface (XI) with SQLite DB (=> lite dispatcher): 1.76 MB/s
from Xplico Interface with MySQL DB (=> ximysql dispatcher): 4.09 MB/s

measured on an Aspire 5633WLMi (Intel Core 2 Duo processor T5500 with 1GB RAM an HD IDE controller) with the pcap http://domex.nps.edu/corp/scenarios/2009-m57/net/day11-18.dmp.zip (851 MB).

As always: Enjoy !

January 11, 2011
Comments Off on XI Cookie hijacking: Windows Live
How To

XI Cookie hijacking: Windows Live

XI Cookie hijacking is a new feature introduced in 0.6.1 version.

This post shows how to use this new tool with Windows Live.

Enjoy.

December 6, 2010
Comments Off on Xplico 0.6.1: MSN and Paltalk
Binary, DEFT, Dissectors, Improvements, News, Release

Xplico 0.6.1: MSN and Paltalk

In this version new dissectors, new features and obviously many bugfix:

Paltalk chat dissector
MSN dissector (beta basic version)
XI Cookie hijacking
XI pagination for Images and Web
XI XSS fixed
XI bugfix

We thank:

Tim Hentenaa for his Paltalk reverse engineering
Steve-William KISSI to have found various XSS
Daniele Franchetto for MSN dissector
Michele Dallachiesa for cookietools

You can found Xplico 0.6.1 in DEFT Linux 6 and you can download VirtualBox.org image, source code and Ubuntu 10.10 package here.

Enjoy 😉

November 18, 2010
Comments Off on Xplico 0.6.0 for Fedora 11-14 by CERT
Binary, News

Xplico 0.6.0 for Fedora 11-14 by CERT

Larry Rogers has built and tested Xplico version 0.6.0 for the CERT.
The rpm package is available for Fedora 11-14 from CERT Forensics Appliance repository.

More info and for all comments please see here.

Thank to Larry Rogers.

October 11, 2010
Comments Off on VirtualBox Image 0.6.0
Binary

VirtualBox Image 0.6.0

At SourceForge there is a VirtualBox.org image of Debian 5.0 with Xplico 0.6.0 installed and running.

Click here to download it.

Thanks to Carlos Gacimartín.

October 6, 2010
Comments Off on Xplico 0.6.0: IRC and Paltalk Express
Binary, Dissectors, Improvements, Release

Xplico 0.6.0: IRC and Paltalk Express

In this version there are bugfix, dissectors improvements and new features:

XI configuration pages
XI administator pages
XI multi-user
IRC dissector
ARP/RAP dissector
radiotap dissector
GeoMap latitude and longitude selectable from XI
CLI decoding directory (xdecode) selectable
Telent dissector with PIPI
Paltalk Express dissector and aggregator (basic version)
sftp/scp pcap files upload

Any feedback is welcome.

You can download source code and Ubuntu 10.04 package here.

Enjoy ;).

August 31, 2010
Comments Off on ESC: END SUMMER CAMP 2K10
Conferences

ESC: END SUMMER CAMP 2K10

“ESC is a meeting of people interested in Free Software, Hacking, Security.”

When: September 3rd-5th 2010
Where: FORTE BAZZERA, via Bazzera, +∞ Venezia Tessera (Venice, Italy)
Links: ESC, Talks

Update, slides : (IT) Xplico ESC2K10.pdf

June 29, 2010
Comments Off on Xplico version 0.5.8: Improvements and bug fix
Binary, Improvements, Release

Xplico version 0.5.8: Improvements and bug fix

This version brings some improvements and fixes some bugs too serious.

RTP, FTP, Telnet, SIP dissectors improvements
RTP bug fix
Xplico Interface XSS Vulnerability fixed
Xplico Interface updated to CakePHP 1.2.7
new tool named trigcap to manage pcap
new version (0.63) of videosnarf

We thank:

Maximiliano Soler from Security-Database and Marcos Garcia from Zero Science Lab for finding the vulnerability (XSS) and for helping us.
Alex Antão for having supported us in finding a bug in RTP

You can download VirtualBox.org image, source code and Ubuntu 10.04 package here.

Enjoy ;).