<?xml version="1.0" encoding="utf-8"?>
<rss version="0.92">
<channel>
<title>SecuObs.com</title>
<link>http://www.secuobs.com</link>
<description>Internet Security Observatory</description>
<language>fr</language>
<webMaster>webmaster@secuobs.com</webMaster>
<item><title>Fedora 11-15, CentOS RHEL repositories and VirtualBox</title><description>2011-06-09 16:01:05 - Xplico : Lawrence R Rogers has built and released Xplico 063 for Fedora 11, 12, 13, 14, 15 and CentOS RHEL. You can find it at the CERT Linux Forensics Tools Repository. Carlos Gacimartín has built the VirtualBox image with Xplico 063. You can find it here.</description><link>http://www.secuobs.com/revue/news/310163.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/310163.shtml</guid></item>
<item><title>Xplico 063: 64Bit</title><description>Secuobs.com : 2011-06-06 14:48:27 - Xplico - In this release: 32 and 64 bit; new decoding manager (DeMa) version 031; mfile manipulator (HTTP file transfer) bug fixes; WebMail scripts improved; HTTP dissector improved; XI: upgraded the javascript libraries. Enjoy!</description><link>http://www.secuobs.com/revue/news/309347.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/309347.shtml</guid></item>
<item><title>ISSA Journal: toolsmith</title><description>Secuobs.com : 2011-06-03 20:13:17 - Xplico - Russ McRee wrote an article about Xplico for ISSA Journal. The PDF file can be downloaded here. Next week the new version of Xplico will be released, with support for 64bit.</description><link>http://www.secuobs.com/revue/news/309058.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/309058.shtml</guid></item>
<item><title>WebMail decoder: which do you prefer?</title><description>Secuobs.com : 2011-05-16 02:57:45 - Xplico - We are adding new WebMail decoders to Xplico, but since there are a large number of WebMail services on the web, we ask for your advice. You can comment on this post to add a new webmail (not in the poll). In the comment specify: the service name, WebMail URL, nationality. We will add your proposal in the    </description><link>http://www.secuobs.com/revue/news/304954.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/304954.shtml</guid></item>
<item><title>Xplico 062: l7-patterns</title><description>Secuobs.com : 2011-05-03 03:43:49 - Xplico - This version introduces the l7-patterns classifier for all flows not decoded; there is also the improvement of the real time acquisition, new features for the XI (Xplico Interface) and many bug fixes. ChangeLog: l7-patterns for all flows protocols not decoded by xplico; Xplico Interface (XI) improved; python3 porting of many scripts; realtime capture module improved; facebook chat    </description><link>http://www.secuobs.com/revue/news/302153.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/302153.shtml</guid></item>
<item><title>XI Cookie hijacking: Windows Live</title><description>Secuobs.com : 2011-01-11 08:52:35 - Xplico - XI Cookie hijacking is a new feature introduced in 061 version. This post shows how to use this new tool with Windows Live. Enjoy!</description><link>http://www.secuobs.com/revue/news/277324.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/277324.shtml</guid></item>
<item><title>Xplico 061: MSN and Paltalk</title><description>Secuobs.com : 2010-12-06 09:02:53 - Xplico - In this version new dissectors, new features and obviously many bugfixes: Paltalk chat dissector; MSN dissector (beta basic version); XI Cookie hijacking; XI pagination for Images and Web; XI XSS fixed; XI bugfix. We thank: Tim Hentenaa for his Paltalk reverse engineering; Steve-William KISSI for having found various XSS; Daniele Franchetto for MSN dissector; Michele    </description><link>http://www.secuobs.com/revue/news/269591.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/269591.shtml</guid></item>
<item><title>Xplico 060 for Fedora 11-14 by CERT</title><description>Secuobs.com : 2010-11-18 10:50:16 - Xplico - Larry Rogers has built and tested Xplico version 060 for the CERT. The rpm package is available for Fedora 11-14 from CERT Forensics Appliance repository. More info and for all comments please see here. Thanks to Larry Rogers.</description><link>http://www.secuobs.com/revue/news/265735.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/265735.shtml</guid></item>
<item><title>VirtualBox Image 060</title><description>Secuobs.com : 2010-10-11 03:07:34 - Xplico - At SourceForge there is a VirtualBoxorg image of Debian 50 with Xplico 060 installed and running. Click here to download it. Thanks to Carlos Gacimartín.</description><link>http://www.secuobs.com/revue/news/255731.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/255731.shtml</guid></item>
<item><title>Xplico 060: IRC and Paltalk Express</title><description>Secuobs.com : 2010-10-06 03:46:21 - Xplico - In this version there are bugfixes, dissector improvements and new features: XI configuration pages; XI administrator pages; XI multi-user; IRC dissector; ARP RAP dissector; radiotap dissector; GeoMap latitude and longitude selectable from XI; CLI decoding directory (xdecode) selectable; Telnet dissector with PIPI; Paltalk Express dissector and aggregator (basic version); sftp scp pcap files upload. Any feedback is    </description><link>http://www.secuobs.com/revue/news/254604.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/254604.shtml</guid></item>
<item><title>ESC - END SUMMER CAMP 2K10</title><description>Secuobs.com : 2010-09-17 01:55:08 - Xplico - ESC is a meeting of people interested in Free Software, Hacking, Security. When: September 3rd-5th 2010. Where: FORTE BAZZERA, via Bazzera, Venezia Tessera (Venice, Italy). Links: ESC, Talks. Update, slides: Xplico ESC2K10pdf</description><link>http://www.secuobs.com/revue/news/247843.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/247843.shtml</guid></item>
<item><title>Xplico version 058: Improvements and bug fix</title><description>Secuobs.com : 2010-06-30 02:26:54 - Xplico - This version brings some improvements and fixes some bugs too serious: RTP, FTP, Telnet, SIP dissectors improvements; RTP bug fix; Xplico Interface XSS Vulnerability fixed; Xplico Interface updated to CakePHP 127; new tool named trigcap to manage pcap; new version (063) of videosnarf. We thank: Maximiliano Soler from Security-Database and Marcos Garcia from Zero Science Lab for finding the    </description><link>http://www.secuobs.com/revue/news/236309.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/236309.shtml</guid></item>
<item><title>VirtualBox Image 057</title><description>Secuobs.com : 2010-05-24 17:57:18 - Xplico - At SourceForge there is a VirtualBoxorg image of Debian 50 with Xplico 057 installed and running. Click here to download it. Thanks to Carlos Gacimartín.</description><link>http://www.secuobs.com/revue/news/225047.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/225047.shtml</guid></item>
<item><title>Xplico 057: VoIP tapping and phone numbers</title><description>Secuobs.com : 2010-05-10 09:45:16 - Xplico - This release introduces improvements in the SIP and RTP dissectors. In this version the RTCP dissector was also added; with this dissector Xplico is able to obtain the phone numbers of the caller and called party (obviously only if present in the RTCP packets). DEFT 51 Live distribution contains this version. You can download source code and Ubuntu    </description><link>http://www.secuobs.com/revue/news/220453.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/220453.shtml</guid></item>
<item><title>Xplico version 056: VoIP (SIP, RTP)</title><description>Secuobs.com : 2010-04-21 08:59:17 - Xplico - In this version there are new and important features: HTTP reconstruction file (ie: files downloaded with tools like DownThemAll); undecoded UDP and TCP (stream) with textual content; RTP dissector; SIP dissector; SDP dissector; Improved XI; many bugfixes. This version of the SIP and RTP dissectors is not optimal. The media contents currently decoded have the following characteristics (limitations): only audio; audio codec: G711ulaw,    </description><link>http://www.secuobs.com/revue/news/214432.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/214432.shtml</guid></item>
<item><title>Xplico conferences and demo</title><description>Secuobs.com : 2010-03-09 23:17:54 - Xplico - Tomorrow 10 March Carlos Gacimartín, of Xplico team, will hold a conference and a demo of Xplico in Madrid. Anyone wishing to attend the conference is invited to: Room 11F01, University Carlos III, Avda Universidad 30, Leganés, Madrid, Spain. At 16:00.</description><link>http://www.secuobs.com/revue/news/199950.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199950.shtml</guid></item>
<item><title>BackTrack</title><description>Secuobs.com : 2010-03-02 01:54:51 - Xplico - With pleasure we announce that Xplico is officially included in BackTrack repository. Thanks to everyone and in particular to the team of BackTrack.</description><link>http://www.secuobs.com/revue/news/196939.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196939.shtml</guid></item>
<item><title>Xplico version 055: WebMail</title><description>Secuobs.com : 2010-02-22 00:31:13 - Xplico - In this version: migrating to SQLite3; telnet dissector; webmail dissector; webmail manipulator: Yahoo!, AOL, Hotmail (all without attachments); Improved LLC dissector; Improved XI; script to check new release (only in source code). Hotmail (Live) depends on the language. Currently the languages supported are Italian and English. Any feedback is welcome (forum). You can download VirtualBox image, source code and Ubuntu 910 package here.</description><link>http://www.secuobs.com/revue/news/193978.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/193978.shtml</guid></item>
<item><title>Forensic challenges</title><description>Secuobs.com : 2010-01-24 23:18:49 - Xplico - Currently there are at least 2 Forensic challenges in which Xplico can be used and can facilitate the analysis. These two challenges are: Forensic Challenge 2010 - pcap attack trace; Ann's AppleTV. We do not answer the questions, here we will give some indication of use of Xplico. The "Ann's AppleTV" pcap file has no particular problems of decoding,    </description><link>http://www.secuobs.com/revue/news/184920.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/184920.shtml</guid></item>
<item><title>Xplico version 054: Facebook Chat</title><description>Secuobs.com : 2009-12-27 12:09:49 - Xplico - This version of Xplico introduces new and important features: Facebook web chat dissector; New XI based on CakePHP 125; New representation of images. For each image you can see (with the proxy enabled) the page where the image is contained; WLAN and LLC basic dissectors; HTTP dissector Improvements. You can download source code, Ubuntu 910 package and VirtualBoxorg image here.</description><link>http://www.secuobs.com/revue/news/175991.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/175991.shtml</guid></item>
<item><title>Xplico version 053 and DEFT Vx5</title><description>Secuobs.com : 2009-11-16 03:34:53 - Xplico - You can find this release in DEFT Vx5 Linux distribution. You can download source code, Ubuntu 910 package and VirtualBoxorg image here. This version of Xplico introduces many new features: snoop Packet Capture File Format as input file; DNS dissector with graphical representation in Xplico Interface (XI); NNTP dissector; PPPOE dissector; direct live acquisition from XI; new dispatcher named CLI (this dispatcher    </description><link>http://www.secuobs.com/revue/news/161074.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/161074.shtml</guid></item>
<item><title>VirtualBox Image of Debian 50 with Xplico</title><description>Secuobs.com : 2009-10-28 00:33:12 - Xplico - At SourceForge there is a VirtualBoxorg image of Debian 50 with Xplico 052 installed and running. It is a smart way of testing this software without altering your environment. Just download it and begin to test Xplico. You can use Xplico to decode traffic in console or via web, uploading your own traffic    </description><link>http://www.secuobs.com/revue/news/154649.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/154649.shtml</guid></item>
<item><title>Forum and Wiki</title><description>Secuobs.com : 2009-09-21 07:45:20 - Xplico - For some time we have had in mind to make available a Wiki that contains the documentation of Xplico. Soon the new Wiki will be available, even if initially it will not have much content. Thanks to the merit and initiative of Carlos Gacimartín, a Forum will also be opened. Thanks to Carlos, who has offered to maintain and administer    </description><link>http://www.secuobs.com/revue/news/142748.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/142748.shtml</guid></item>
<item><title>Live WEP sniffing video tutorial</title><description>Secuobs.com : 2009-08-19 06:52:31 - Xplico - Bricowifi has created two video tutorials. One of them explains how to perform a live capture (and decoding) of WEP traffic. The videos can be found here. He also made a tutorial describing step by step installation of Xplico. The tutorial is in French but it is very clear. Many thanks to Bricowifi.</description><link>http://www.secuobs.com/revue/news/132277.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/132277.shtml</guid></item>
<item><title>Xplico v052 Ubuntu package</title><description>Secuobs.com : 2009-08-11 07:10:54 - Xplico - The binary package of Xplico 052 for Ubuntu 904 is available for download. After installation, you must follow these steps: edit  etc php5 apache2 phpini to increase the size of files to upload  post_max_size   100M upload_max_filesize   100M; restart Apache2; start Xplico decoding manager  sudo  opt xplico script sqlite_demosh; open url  http localhost 9876; Xplico Interface login  For optimal viewing of web pages reconstructed by Xplico  using only    </description><link>http://www.secuobs.com/revue/news/129790.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/129790.shtml</guid></item>
<item><title>Xplico version 052</title><description>Secuobs.com : 2009-08-03 06:48:13 - Xplico - This version of Xplico and especially of Xplico Interface (web user interface) introduces many new features. Xplico: dissectors: Ethernet, pcap, ipv4, ipv6, ppp, sll, tcp (2 type), udp, dns, ftp, http, icmp, imap, ipp, mms, pjl (Printer Job Language), pop, sdp, smtp, tftp, l2tp (unstable), vlan (unstable); reverse dns using only the DNS traffic in the PCAP    </description><link>http://www.secuobs.com/revue/news/127404.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/127404.shtml</guid></item>
<item><title>Connection scrambler</title><description>Secuobs.com : 2009-04-04 19:34:36 - Xplico - If you search for a connection scrambler for Linux that Xplico is not able to recognize, then take a look at SniffJoke 03.</description><link>http://www.secuobs.com/revue/news/79750.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/79750.shtml</guid></item>
<item><title>MMS and GeoMap version</title><description>Secuobs.com : 2009-03-15 09:55:30 - Xplico - This release introduces the MMS dissector. With this dissector it is possible to reconstruct the MMS message transported by HTTP protocol and extract the media contained. With the new release of Web interface it is possible to view photos, texts and videos contained in MMS messages. In this release of Xplico we have introduced the generations of </description><link>http://www.secuobs.com/revue/news/71185.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/71185.shtml</guid></item>
<item><title>Sniffer evasion tool</title><description>Secuobs.com : 2009-03-10 15:10:09 - Xplico - Xplico at present is unable to avoid sniffer evasion tool handling TTL (IP Time To Live). In version 06, Xplico will no longer be affected by this type of attack. A good sniffer evasion tool is SniffJoke. SniffJoke prevents Xplico from reconstructing the traffic … and not only Xplico.</description><link>http://www.secuobs.com/revue/news/69649.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/69649.shtml</guid></item>
<item><title>New Site</title><description>Secuobs.com : 2009-03-10 15:10:09 - Xplico - … just to start</description><link>http://www.secuobs.com/revue/news/69648.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/69648.shtml</guid></item>
<item><title>DEFT 4</title><description>Secuobs.com : 2009-03-10 15:10:09 - Xplico - DEFT4 has arrived. In this release, there are many new features. The novelties of Xplico in DEFT4 are: console-mode Xplico execution; acquisition and processing in realtime in console-mode; access to every HTTP message. You can examine: request header and body, response header and body. Therefore the request body of the POST can be viewed. Internet Printing Protocol IPP and Printer Job Language </description><link>http://www.secuobs.com/revue/news/69647.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/69647.shtml</guid></item>
<item><title>DEFT 4 console-mode</title><description>Secuobs.com : 2009-03-10 15:10:09 - Xplico - With DEFT4, without running X deft-gui, you can capture and decode ethernet traffic in this way: open /xplico/cfg/xplicocfg file and modify: … #MODULE=dis_pcapfso LOG=FEWITDS … DISPATCH=disp_deftso LOG=FEWITDS … in … MODULE=dis_pcapfso LOG=FEWITDS … DISPATCH=disp_noneso LOG=FEWITDS … And finally: mkdir decode; cd decode; /xplico/bin/xplico -c /xplico/cfg/xplicocfg -m rltm -i eth0. All the decoded data are stored in http, ipp, pjl, </description><link>http://www.secuobs.com/revue/news/69646.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/69646.shtml</guid></item>
<item><title>Source code</title><description>Secuobs.com : 2009-03-10 15:10:09 - Xplico - Released source code of Xplico DEFT4, see download.</description><link>http://www.secuobs.com/revue/news/69645.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/69645.shtml</guid></item>
<item><title>SniffJoke 02</title><description>Secuobs.com : 2009-03-10 15:10:09 - Xplico - An example of the effectiveness of SniffJoke is given by this pcap. It is easy to verify that Wireshark and other tools reconstruct the data entering the traffic generated by SniffJoke, making reconstruction wrong. Try this pcap… with your best tool.</description><link>http://www.secuobs.com/revue/news/69644.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/69644.shtml</guid></item>
<item><title>IMAP version</title><description>Secuobs.com : 2009-03-10 15:10:09 - Xplico - This release introduces the IMAP dissector. With this dissector it is possible to reconstruct the emails transported by IMAP protocol. The web interface is the same as the last version. Any bug reports or suggestions are welcome. You can find source code here.</description><link>http://www.secuobs.com/revue/news/69643.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/69643.shtml</guid></item>
<item><title>Experiments of visualization</title><description>Secuobs.com : 2009-03-10 15:10:09 - Xplico - This is the first experiment of use of Flare library. Thanks to Raffael Marty for his help with Flare. In this representation are listed all dissectors with their bonds of dependency.</description><link>http://www.secuobs.com/revue/news/69642.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/69642.shtml</guid></item>
<item><title>Geographical map</title><description>Secuobs.com : 2009-03-10 15:10:09 - Xplico - By March there will be a new release of Xplico. This new release will have the geographical map of the reconstructions, and perhaps the dissector for Multimedia Messaging Service. An example of geographical map can be found here.</description><link>http://www.secuobs.com/revue/news/69641.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/69641.shtml</guid></item>
<item><title>Gmail visualization from pcap capture</title><description>Secuobs.com : 2009-03-10 15:10:09 - Xplico - If you sniff, with tcpdump or other tools, all Gmail traffic before login and you give this capture to Xplico using Web interface, then you can view the emails of Gmail, even if you have not read the email (this is true only for the first emails on the list). Obviously, before capture the Gmail traffic, </description><link>http://www.secuobs.com/revue/news/69640.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/69640.shtml</guid></item>
</channel>
</rss>
 
