Xplico 0.6.1: MSN and Paltalk
This version brings new dissectors, new features and, of course, many bug fixes:
- Paltalk chat dissector
- MSN dissector (beta basic version)
- XI Cookie hijacking
- XI pagination for Images and Web
- XI XSS fixed
- XI bugfix
We thank:
- Tim Hentenaa for his Paltalk reverse engineering
- Steve-William KISSI for having found various XSS
- Daniele Franchetto for MSN dissector
- Michele Dallachiesa for cookietools
You can find Xplico 0.6.1 in DEFT Linux 6, and you can download the VirtualBox.org image, source code and Ubuntu 10.10 package here.
Enjoy 😉
Xplico 0.6.0: IRC and Paltalk Express
This version contains bug fixes, dissector improvements and new features:
- XI configuration pages
- XI administrator pages
- XI multi-user
- IRC dissector
- ARP/RARP dissector
- radiotap dissector
- GeoMap latitude and longitude selectable from XI
- CLI decoding directory (xdecode) selectable
- Telnet dissector with PIPI
- Paltalk Express dissector and aggregator (basic version)
- sftp/scp pcap files upload
Any feedback is welcome.
You can download source code and Ubuntu 10.04 package here.
Enjoy ;).
Xplico version 0.5.8: Improvements and bug fix
This version brings some improvements and also fixes some serious bugs.
- RTP, FTP, Telnet, SIP dissectors improvements
- RTP bug fix
- Xplico Interface XSS Vulnerability fixed
- Xplico Interface updated to CakePHP 1.2.7
- new tool named trigcap to manage pcap
- new version (0.63) of videosnarf
We thank:
- Maximiliano Soler from Security-Database and Marcos Garcia from Zero Science Lab for finding the vulnerability (XSS) and for helping us.
- Alex Antão for having supported us in finding a bug in RTP
You can download VirtualBox.org image, source code and Ubuntu 10.04 package here.
Enjoy ;).
Xplico 0.5.7: VoIP tapping and phone numbers
This release introduces improvements in the SIP and RTP dissectors.
This version also adds the RTCP dissector, with which Xplico is able to obtain the phone numbers of the caller and the called party (only if they are present in the RTCP packets).
DEFT 5.1 Live distribution contains this version.
You can download source code and Ubuntu 10.04 package here.
Enjoy ;).
Xplico version 0.5.6: VoIP (SIP & RTP)
In this version there are new and important features:
- HTTP file reconstruction, e.g. files downloaded with tools like DownThemAll
- undecoded UDP and TCP “streams” with textual content
- RTP dissector
- SIP dissector
- SDP dissector
- Improved XI
- many bug fixes
This version of the SIP and RTP dissectors is not optimal. The (media) contents currently decoded have the following characteristics (limitations):
- only audio
- audio codec: G711ulaw, G711alaw, G722, G729, G723 and G726
- only static RTP payload types
We have to thank:
- Michele Dallachiesa, for his wonderful tool rtpbreak and for his papers on VoIP protocols
- UCSniff Team for their tool VideoSnarf
- Carlos Gacimartín, for his help and for Virtualbox Image
- Massimiliano Dal Cero for his help with flash application
- all forum users for their debug
You can download VirtualBox.org image, source code and Ubuntu 9.10 package here.
Enjoy ;).
Xplico version 0.5.5: WebMail
In this version:
- migrating to SQLite3
- telnet dissector
- webmail dissector
- webmail manipulator: Yahoo!, AOL, Hotmail (all without attachments)
- Improved LLC dissector
- Improved XI
- script to check new release (only in source code)
Hotmail (Live) depends on the language. Currently the languages supported are Italian and English.
Any feedback is welcome: forum.
You can download VirtualBox image, source code and Ubuntu 9.10 package here.
Xplico version 0.5.4: Facebook Chat
This version of Xplico introduces new and important features:
- Facebook web chat dissector
- New XI based on CakePHP 1.2.5
- New representation of images
- For each image you can see (with the proxy enabled) the page where the image is contained
- WLAN and LLC basic dissectors
- HTTP dissector Improvements
You can download source code, Ubuntu 9.10 package and VirtualBox.org image here.
Xplico version 0.5.3 and DEFT Vx5
You can find this release in DEFT Vx5 Linux distribution.
You can download source code, Ubuntu 9.10 package and VirtualBox.org image here.
This version of Xplico introduces many new features:
- snoop Packet Capture File Format as input file
- DNS dissector with graphical representation in Xplico Interface (XI)
- NNTP dissector
- PPPOE dissector
- direct live acquisition from XI
- new dispatcher named CLI: this dispatcher organizes the extracted data in a tree like this:
    xdecode/<ip_src_1>/http
    xdecode/<ip_src_1>/mail/
    xdecode/<ip_src_1>/nntp
    xdecode/<ip_src_1>/ftp
    xdecode/<ip_src_1>/...
    xdecode/<ip_src_2>/http
    xdecode/<ip_src_2>/mail/
    xdecode/<ip_src_2>/nntp
    xdecode/<ip_src_2>/ftp
    xdecode/<ip_src_2>/...
- CLI dispatcher used by default in command-line execution
- file extension for the HTTP contents
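As an added example (not part of Xplico or of the original post), the Python below walks a CLI dispatcher output tree laid out as xdecode/<ip_src>/<protocol>/ and builds a per-source, per-protocol manifest with file sizes and SHA-256 hashes, so that extracted evidence can be recorded before analysis. Only the directory layout comes from the list above; the function names, the sample file names and the assumption that each protocol entry is a directory of files are hypothetical.

```python
import hashlib
import ipaddress
import tempfile
from collections import defaultdict
from pathlib import Path


def build_manifest(xdecode_root):
    """Return {source_ip: {protocol: [(relative_path, size, sha256), ...]}}."""
    root = Path(xdecode_root)
    manifest = defaultdict(lambda: defaultdict(list))
    for host_dir in sorted(p for p in root.iterdir() if p.is_dir()):
        try:
            # First level is the source IP; skip anything that is not an address.
            source_ip = str(ipaddress.ip_address(host_dir.name))
        except ValueError:
            continue
        for proto_dir in sorted(p for p in host_dir.iterdir() if p.is_dir()):
            for item in sorted(proto_dir.rglob("*")):
                if item.is_symlink() or not item.is_file():
                    continue  # hash regular files only, never symlink targets
                data = item.read_bytes()
                manifest[source_ip][proto_dir.name].append(
                    (item.relative_to(root).as_posix(), len(data),
                     hashlib.sha256(data).hexdigest()))
    return {ip: dict(protos) for ip, protos in manifest.items()}


def make_sample_tree(root):
    """Constructed sample data standing in for real decoder output."""
    samples = {
        "192.0.2.10/http/index.html": b"<html>constructed</html>",
        "192.0.2.10/mail/msg_1.eml": b"Subject: constructed\r\n\r\nbody",
        "198.51.100.7/ftp/upload.bin": b"\x00\x01\x02",
        "not_an_ip/http/ignored.txt": b"skipped",
    }
    for rel, content in samples.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(content)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_tree(tmp)
        for ip, protos in build_manifest(tmp).items():
            for proto, files in protos.items():
                for rel, size, digest in files:
                    print(ip, proto, rel, size, digest[:16])
```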
We have to thank:
- Carlos Gacimartín, for his help
- Doriano Azzena, for his support in debugging
- Matteo G.P. Flora for inspiration of DNS XI graphics
- Open Flash Chart team for their wonderful tool
- all forum users for their debug
Enjoy ;).
Xplico version 0.5.2
This version of Xplico, and especially of the Xplico Interface (web user interface), introduces many new features.
Xplico:
- dissectors: Ethernet, pcap, ipv4, ipv6, ppp, sll, tcp (2 types), udp, dns, ftp, http, icmp, imap, ipp, mms, pjl (Printer Job Language), pop, sdp, smtp, tftp, l2tp (unstable), vlan (unstable)
- reverse dns using only the DNS traffic in the PCAP file
- geographical and temporal map of the decoded connections (local IP addresses are mapped to Venezia)
- improvements of the regeneration of web pages.
Xplico Interface:
- new look (screenshot)
- summary of the decoded data
- selectable source host
- visualization (with Wireshark) of all packets and flows that compose the content extracted/reconstructed
- usable from any PC on the network (see install)
- improved email visualization (downloadable attachments)
- feed list. Feed reader (RSS and Atom)
- MMS contents visualization
- improved content search
- improvements of the regeneration of web pages
MMS and GeoMap version
This release introduces the MMS dissector. With this dissector it is possible to reconstruct MMS messages transported over HTTP and extract the media they contain. With the new release of the Web interface it is possible to view the photos, texts and videos contained in MMS messages.
In this release of Xplico we have introduced the generation of geographical and temporal maps of the data rebuilt by Xplico. This feature, named GeoMap, can be used in both console mode and the Web interface. The files generated by GeoMap are KML files and can be used with Google Earth. To allow the visualization of connections whose source is a private IP address, we have decided that private IP addresses are located in Venice (this is a temporary solution).
We have to thank:
- Collin Richard Mulliner for his MMS messages
- Kowsik Guruswamy for his Cap’r Makr’ tool, and for his very fast support
- SecViz for the inspiration for GeoMap
- MaxMind for their open source GeoIP library
- Wireshark team for… ALL
You can find an example of MMS over HTTP here. This pcap was generated with Cap’r Makr’ and with the MMS of Flavio Poletti.
Any bug reports or suggestions are welcome.