Open Source Network Forensic Analysis Tool (NFAT) 

Twitter E-mail RSS

WebMail decoder… which do you prefer?

We are adding new WebMail decoder to Xplico, but since there are a large number of WebMail on the web, we ask for your advice.

What are the WebMail to add to Xplico?

  • Google Mail: HTTP GMail (30%, 77 Votes)
  • Yahoo! Mobile (18%, 46 Votes)
  • GMX: (Germany) (10%, 25 Votes)
  • Rouncube: (9%, 24 Votes)
  • 163: (China) (9%, 23 Votes)
  • Horde: (9%, 23 Votes)
  • Orange: (France) (7%, 19 Votes)
  • Libero: (Italy) (3%, 8 Votes)
  • Rediff: (India) (2%, 6 Votes)
  • MYNET: (Turkey) (2%, 4 Votes)
  • TTNET: (Turkey) (1%, 3 Votes)

Total Voters: 199

Loading ... Loading ...

You can comment this post to add new webmail (not in the poll). In the comment specify:

  • The service name
  • WebMail URL
  • Nationality

We will add your proposal in the poll.

Xplico 0.6.2: l7-patterns

This version introduces l7-patterns classifier for all flows not decoded, also there is the improvement of the real time acquisition, new features for the XI (Xplico Interface) and many bugs fixes.


  • l7-patterns for all flows/protocols not decoded by xplico
  • Xplico Interface (XI) improved
  • python3 porting of many scripts
  • realtime capture module improved
  • facebook chat realtime view
  • UTC/localtime bug fixes
  • l2tp dissector bug fixes
  • cli and lite dispatchers bug fixes
  • telnet dissector bug fixes
  • trigcap bug fixes
  • new script named session_mng.pyc to facilitate the creation of new case and/or new session from command line

We thank naif for his support and his availability.

The decoding performance are:

  • from command line: 5.9 MB/s
  • from Xplico Interface (XI) with SQLite DB (=> lite dispatcher): 1.76 MB/s
  • from Xplico Interface with MySQL DB (=> ximysql dispatcher): 4.09 MB/s

measured on an Aspire 5633WLMi (Intel Core 2 Duo processor T5500 with 1GB RAM an HD IDE controller) with the pcap (851 MB).

As always: Enjoy !

XI Cookie hijacking: Windows Live

Windwa Live

XI Cookie hijacking is a new feature introduced in 0.6.1 version.

This post shows how to use this new tool with Windows Live.


Xplico 0.6.1: MSN and Paltalk

In this version new dissectors, new features and obviously many bugfix:

  • Paltalk chat dissector
  • MSN dissector (beta basic version)
  • XI Cookie hijacking
  • XI pagination for Images and Web
  • XI XSS fixed
  • XI bugfix

We thank:

You can found Xplico 0.6.1 in DEFT Linux 6 and you can download image, source code and Ubuntu 10.10 package here.

Enjoy 😉

Xplico 0.6.0 for Fedora 11-14 by CERT

Larry Rogers has built and tested Xplico version 0.6.0 for the CERT.
The rpm package is available for Fedora 11-14 from CERT Forensics Appliance repository.

More info and for all comments please see here.

Thank to Larry Rogers.

VirtualBox Image 0.6.0

At SourceForge there is a image of Debian 5.0 with Xplico 0.6.0 installed and running.

Click here to download it.

Thanks to Carlos Gacimartín.

Xplico 0.6.0: IRC and Paltalk Express

In this version there are bugfix, dissectors improvements and new features:

  • XI configuration pages
  • XI administator pages
  • XI multi-user
  • IRC dissector
  • ARP/RAP dissector
  • radiotap dissector
  • GeoMap latitude and longitude selectable from XI
  • CLI decoding directory (xdecode) selectable
  • Telent dissector with PIPI
  • Paltalk Express dissector and aggregator (basic version)
  • sftp/scp pcap files upload

Any feedback is welcome.

You can download source code and Ubuntu 10.04 package here.

Enjoy ;).


“ESC is a meeting of people interested in Free Software, Hacking, Security.”

When: September 3rd-5th 2010
Where: FORTE BAZZERA, via Bazzera, +∞ Venezia Tessera (Venice, Italy)
Links: ESC, Talks

Update, slides : (IT) Xplico ESC2K10.pdf

Xplico version 0.5.8: Improvements and bug fix

This version brings some improvements and fixes some bugs too serious.

  • RTP, FTP, Telnet, SIP dissectors improvements
  • RTP bug fix
  • Xplico Interface XSS Vulnerability fixed
  • Xplico Interface updated to CakePHP 1.2.7
  • new tool named trigcap to manage pcap
  • new version (0.63) of videosnarf

We thank:

  • Maximiliano Soler from Security-Database and Marcos Garcia from Zero Science Lab for finding the vulnerability (XSS) and for helping us.
  • Alex Antão for having supported us in finding a bug in RTP

You can download image, source code and Ubuntu 10.04 package here.

Enjoy ;).

VirtualBox Image 0.5.7

At SourceForge there is a image of Debian 5.0 with Xplico 0.5.7 installed and running.

Click here to download it.

Thanks to Carlos Gacimartín.