Thread: request Xplico

  1. #1
    Junior Member keeley's Avatar
    Join Date
    Jun 2009
    Posts
    67

    request Xplico

    I think Xplico is a good choice, on bt4

    "The goal of Xplico is extract from an internet traffic capture the applications data contained.
    For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn’t a network protocol analyzer. Xplico is an open source Network Forensic Analysis Tool (NFAT).
    Xplico is released under the GNU General Public License"

  2. #2
    Just burned his ISO
    Join Date
    Aug 2009
    Posts
    3

    Sounds like a great idea, Backtrack could use some more network forensic analysis tools. I'm not to criticize it, but is it set up well and have you tried it out yourself, just out of curiosity.

  3. #3
    Junior Member
    Join Date
    Mar 2010
    Posts
    26

    I've tried building it in BT4 pre-final from the current source(0.5.2) as well as using their installer with no success. Their installer really did a number on my machine. It took me about an hour to clean up that mess (I think I've reverted everything back to where it was...) I was going to file a bug report on the site but I couldn't trace all the errors. Just about every script in the installer had multiple build errors. Most of them looked like they were trying to install 64bit libs on a 32bit system even though the installer asks for the os version when it first starts.

    If someone does manage to get this working I'd be curious to hear how you managed.

  4. #4
    My life is this forum Snayler's Avatar
    Join Date
    Jan 2010
    Posts
    1,418

    Quote, originally posted by crooks:
    I've tried building it in BT4 pre-final from the current source(0.5.2) as well as using their installer with no success. Their installer really did a number on my machine. It took me about an hour to clean up that mess (I think I've reverted everything back to where it was...) I was going to file a bug report on the site but I couldn't trace all the errors. Just about every script in the installer had multiple build errors. Most of them looked like they were trying to install 64bit libs on a 32bit system even though the installer asks for the os version when it first starts.

    If someone does manage to get this working I'd be curious to hear how you managed.

    It's a really big process... Check it out:

    Code:
    apt-get install sqlite tcpdump tshark libx11-dev libxt-dev libxi-dev apache2 php5 php5-sqlite build-essential perl zlib1g-dev libpcap-dev libsqlite0-dev libmysqlclient15-dev python2.5-minimal python2.5 python-all
    cd /tmp
    wget http://downloads.sourceforge.net/project/xplico/xplico/version%200.5.2/xplico-0.5.2.tgz
    tar zxvf xplico-0.5.2.tgz
    
    wget http://geolite.maxmind.com/download/geoip/api/c/GeoIP-1.4.5.tar.gz
    tar zxvf GeoIP-1.4.5.tar.gz
    cd GeoIP-1.4.5
    ./configure
    make
    make install
    # the tarball was downloaded to /tmp, not into the GeoIP source directory
    rm -f /tmp/GeoIP-1.4.5.tar.gz
    cd /tmp/xplico
    
    wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
    gzip -d GeoLiteCity.dat.gz
    rm -f *dat.gz
    make
    cd ..
    
    wget http://mirror.cs.wisc.edu/pub/mirrors/ghost/GPL/ghostpdl/ghostpdl-8.70.tar.bz2
    tar jxvf ghostpdl-8.70.tar.bz2
    rm -f *.bz2
    cd ghostpdl-8.70
    make
    cd ..
    cp /tmp/ghostpdl-8.70/main/obj/pcl6 /tmp/xplico/
    rm -rf ghostpdl-8.70
    cd /tmp/xplico
    make install
    
    cd /var/www
    wget http://downloads.sourceforge.net/project/xplico/xplico/version%200.5.2/xplico_interface-0.5.2.tgz
    tar zxvf xplico_interface-0.5.2.tgz
    rm -f *2.tgz
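    # makes the whole web UI tree readable, writable and executable by every local user
    chmod -R 777 gui.xplico.org
    
    # Apache loads every file in sites-enabled, so the file fetched here
    # becomes live site configuration on the next restart
    cd /etc/apache2/sites-enabled
    wget http://bricowifi.free.fr/xplico
    
    # --> edit /etc/apache2/ports.conf to match the following: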
    
    # If you just change the port or add more ports here, you will likely also
    # have to change the VirtualHost statement in
    # /etc/apache2/sites-enabled/000-default
    # This is also true if you have upgraded from before 2.2.9-3 (i.e. from
    # Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
    # README.Debian.gz
    # xplico Host port
    NameVirtualHost *:9876
    Listen 9876
    NameVirtualHost *:80
    Listen 80
    
    
    nano /etc/php5/apache2/php.ini
    
    post_max_size = 100M
    
    upload_max_filesize = 100M
    
    
    a2enmod rewrite
    /etc/init.d/apache2 restart
    
    And you're done.
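
The `chmod -R 777 gui.xplico.org` step in post #4 leaves the web UI writable by every local account. As an added example (not from the thread or the Xplico project), the script below audits a web root for world-writable entries and replaces the blanket 777 with group-scoped permissions; the `www-data` group and the `app/tmp` writable directory in the usage comment are assumptions to adjust for the actual install.

```bash
#!/bin/sh
# Added example, not from the thread.
# Assumed usage after the install steps above (group name and writable
# sub-directory are assumptions, check them against the real tree):
#   world_writable /var/www/gui.xplico.org
#   tighten_webroot /var/www/gui.xplico.org www-data app/tmp

# Print every file or directory under $1 that any local user can modify.
# Symlinks are skipped: their own mode bits are not meaningful.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Replace a blanket 777 with:
#   directories 750, files 640, nothing for "other";
#   group write only on the runtime directories named after the group.
# $1 = web root, $2 = group the web server runs as, $3... = paths relative
# to the web root that the application must be able to write to.
tighten_webroot() {
    local root=$1 group=$2 sub
    shift 2
    # chgrp to a foreign group needs root; warn instead of silently skipping.
    chgrp -R "$group" "$root" 2>/dev/null ||
        echo "warn: could not set group $group on $root" >&2
    find "$root" -type d -exec chmod 750 {} +
    find "$root" -type f -exec chmod 640 {} +
    for sub in "$@"; do
        if [ -d "$root/$sub" ]; then
            chmod -R g+w "$root/$sub"
        else
            echo "warn: $root/$sub not found, left unchanged" >&2
        fi
    done
    return 0
}
```

Run `world_writable` again afterwards; an empty result means no entry under the web root is writable by arbitrary local users.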
