Printable View
I think Xplico is a good choice, on bt4 ;)
"The goal of Xplico is extract from an internet traffic capture the applications data contained.
For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn’t a network protocol analyzer. Xplico is an open source Network Forensic Analysis Tool (NFAT).
Xplico is released under the GNU General Public License"
Sounds like a great idea, Backtrack could use some more network forensic analysis tools, I'm not to criticize it, but is it set up well and have you tried it out yourself, just out of curiosity .
I've tried building it in BT4 pre-final from the current source(0.5.2) as well as using their installer with no success. Their installer really did a number on my machine. It took me about an hour to clean up that mess (I think I've reverted everything back to where it was...) I was going to file a bug report on the site but I couldn't trace all the errors. Just about every script in the installer had multiple build errors. Most of them looked like they were trying to install 64bit libs on a 32bit system even though the installer asks for the os version when it first starts.
If someone does manage to get this working I'd be curious to hear how you managed.
It's a really big process... Check it out:Quote:
Originally Posted by crooks
Code:apt-get install sqlite tcpdump tshark libx11-dev libxt-dev libxi-dev apache2 php5 php5-sqlite build-essential perl zlib1g-dev libpcap-dev libsqlite0-dev libmysqlclient15-dev python2.5-minimal python2.5 python-all
cd /tmp
wget http://downloads.sourceforge.net/project/xplico/xplico/version%200.5.2/xplico-0.5.2.tgz
tar zxvf xplico-0.5.2.tgz
wget http://geolite.maxmind.com/download/geoip/api/c/GeoIP-1.4.5.tar.gz
tar zxvf GeoIP-1.4.5.tar.gz
cd GeoIP-1.4.5
./configure
make
make install
rm -f *.tar.gz
cd /tmp/xplico
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
gzip -d GeoLiteCity.dat.gz
rm -f *dat.gz
make
cd ..
wget http://mirror.cs.wisc.edu/pub/mirrors/ghost/GPL/ghostpdl/ghostpdl-8.70.tar.bz2
tar jxvf ghostpdl-8.70.tar.bz2
rm -f *.bz2
cd ghostpdl-8.70
make
cd ..
cp /tmp/ghostpdl-8.70/main/obj/pcl6 /tmp/xplico/
rm -rf ghostpdl-8.70
cd /tmp/xplico
make install
cd /var/www
wget http://downloads.sourceforge.net/project/xplico/xplico/version%200.5.2/xplico_interface-0.5.2.tgz
tar zxvf xplico_interface-0.5.2.tgz
rm -f *2.tgz
chmod -R 777 gui.xplico.org
cd /etc/apache2/sites-enabled
wget http://bricowifi.free.fr/xplico
-->edit /etc/apache2/ports.conf to match the following:
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz
# xplico Host port
NameVirtualHost *:9876
Listen 9876
NameVirtualHost *:80
Listen 80
nano /etc/php5/apache2/php.ini
post_max_size = 100M
upload_max_filesize = 100M
a2enmod rewrite
/etc/init.d/apache2 restart
And you're done.