WebMail decoder… which do you prefer?
We are adding new WebMail decoders to Xplico, but since there are a large number of WebMail services on the web, we are asking for your advice.
Which WebMail services should be added to Xplico?
- Google Mail: HTTP GMail (30%, 77 Votes)
- Yahoo! Mobile (18%, 46 Votes)
- GMX: www.gmx.net (Germany) (10%, 25 Votes)
- Roundcube: roundcube.net (9%, 24 Votes)
- 163: www.163.com (China) (9%, 23 Votes)
- Horde: www.horde.org (9%, 23 Votes)
- Orange: webmail.orange.fr (France) (7%, 19 Votes)
- Libero: www.libero.it (Italy) (3%, 8 Votes)
- Rediff: www.rediff.com (India) (2%, 6 Votes)
- MYNET: mynet.com (Turkey) (2%, 4 Votes)
- TTNET: www.ttnet.com.tr (Turkey) (1%, 3 Votes)
Total Voters: 199
You can comment on this post to propose a webmail service that is not in the poll. In the comment, specify:
- The service name
- WebMail URL
- Nationality
We will add your proposal to the poll.
Xplico 0.6.2: l7-patterns
This version introduces the l7-patterns classifier for all flows that are not decoded. It also improves real-time acquisition, adds new features to the XI (Xplico Interface) and fixes many bugs.
ChangeLog:
- l7-patterns for all flows/protocols not decoded by xplico
- Xplico Interface (XI) improved
- python3 porting of many scripts
- realtime capture module improved
- facebook chat realtime view
- UTC/localtime bug fixes
- l2tp dissector bug fixes
- cli and lite dispatchers bug fixes
- telnet dissector bug fixes
- trigcap bug fixes
- new script named session_mng.pyc to facilitate the creation of a new case and/or a new session from the command line
We thank naif for his support and his availability.
The decoding performance is:
- from command line: 5.9 MB/s
- from Xplico Interface (XI) with SQLite DB (=> lite dispatcher): 1.76 MB/s
- from Xplico Interface with MySQL DB (=> ximysql dispatcher): 4.09 MB/s
Measured on an Aspire 5633WLMi (Intel Core 2 Duo processor T5500 with 1GB RAM and an HD IDE controller) with the pcap http://domex.nps.edu/corp/scenarios/2009-m57/net/day11-18.dmp.zip (851 MB).
As always: Enjoy!
XI Cookie hijacking: Windows Live
XI Cookie hijacking is a new feature introduced in version 0.6.1.
This post shows how to use this new tool with Windows Live.
Enjoy.
Xplico 0.6.1: MSN and Paltalk
This version brings new dissectors, new features and, obviously, many bug fixes:
- Paltalk chat dissector
- MSN dissector (beta basic version)
- XI Cookie hijacking
- XI pagination for Images and Web
- XI XSS fixed
- XI bugfix
We thank:
- Tim Hentenaa for his Paltalk reverse engineering
- Steve-William KISSI for having found various XSS
- Daniele Franchetto for MSN dissector
- Michele Dallachiesa for cookietools
You can find Xplico 0.6.1 in DEFT Linux 6, and you can download the VirtualBox.org image, source code and Ubuntu 10.10 package here.
Enjoy 😉
Xplico 0.6.0 for Fedora 11-14 by CERT
Larry Rogers has built and tested Xplico version 0.6.0 for the CERT.
The rpm package is available for Fedora 11-14 from CERT Forensics Appliance repository.
For more info and for all comments, please see here.
Thanks to Larry Rogers.
VirtualBox Image 0.6.0
At SourceForge there is a VirtualBox.org image of Debian 5.0 with Xplico 0.6.0 installed and running.
Click here to download it.
Thanks to Carlos Gacimartín.
Xplico 0.6.0: IRC and Paltalk Express
This version brings bug fixes, dissector improvements and new features:
- XI configuration pages
- XI administrator pages
- XI multi-user
- IRC dissector
- ARP/RAP dissector
- radiotap dissector
- GeoMap latitude and longitude selectable from XI
- CLI decoding directory (xdecode) selectable
- Telnet dissector with PIPI
- Paltalk Express dissector and aggregator (basic version)
- sftp/scp pcap files upload
Any feedback is welcome.
You can download the source code and the Ubuntu 10.04 package here.
Enjoy ;).
ESC: END SUMMER CAMP 2K10
“ESC is a meeting of people interested in Free Software, Hacking, Security.”
When: September 3rd-5th 2010
Where: FORTE BAZZERA, via Bazzera, +∞ Venezia Tessera (Venice, Italy)
Links: ESC, Talks
Update, slides: (IT) Xplico ESC2K10.pdf
Xplico version 0.5.8: Improvements and bug fix
This version brings some improvements and fixes some serious bugs too.
- RTP, FTP, Telnet, SIP dissectors improvements
- RTP bug fix
- Xplico Interface XSS Vulnerability fixed
- Xplico Interface updated to CakePHP 1.2.7
- new tool named trigcap to manage pcap
- new version (0.63) of videosnarf
We thank:
- Maximiliano Soler from Security-Database and Marcos Garcia from Zero Science Lab for finding the vulnerability (XSS) and for helping us.
- Alex Antão for having supported us in finding a bug in RTP
You can download the VirtualBox.org image, source code and Ubuntu 10.04 package here.
Enjoy ;).
VirtualBox Image 0.5.7
At SourceForge there is a VirtualBox.org image of Debian 5.0 with Xplico 0.5.7 installed and running.
Click here to download it.
Thanks to Carlos Gacimartín.