Tool Documentation:

xplico Usage Examples

Use the rltm module (-m rltm) and analyze traffic on interface eth0 (-i eth0):

root@kali:~# xplico -m rltm -i eth0
xplico v1.0.1
Internet Traffic Decoder (NFAT).
See http://www.xplico.org for more information.

Copyright 2007-2012 Gianluca Costa & Andrea de Franceschi and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

This product includes GeoLite data created by MaxMind, available from http://www.maxmind.com/.
Configuration file (/opt/xplico/cfg/xplico_cli.cfg) found!
GeoLiteCity.dat found!
pcapf: running: 0/0, subflow:0/0, tot pkt:1
pol: running: 0/0, subflow:0/0, tot pkt:0
eth: running: 0/0, subflow:0/0, tot pkt:1
pppoe: running: 0/0, subflow:0/0, tot pkt:0
ppp: running: 0/0, subflow:0/0, tot pkt:0
ip: running: 0/0, subflow:0/0, tot pkt:0


Packages and Binaries:

xplico

The goal of Xplico is to extract the application-layer data contained in an internet traffic capture. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP, MGCP, H323), FTP, TFTP, and so on. Xplico is not a network protocol analyzer.

Installed size: 10.00 MB
How to install: sudo apt install xplico

Dependencies:
  • apache2
  • binfmt-support
  • init-system-helpers
  • lame
  • libapache2-mod-php
  • libc6
  • libjson-c5
  • libmariadb3
  • libmaxminddb0
  • libndpi4.2
  • libpcap0.8
  • libpq5
  • libsqlite3-0
  • libssl3
  • openssl
  • php-cli
  • php-common
  • php-json
  • php-sqlite3
  • python3
  • python3-httplib2
  • python3-psycopg2
  • recode
  • sox
  • sqlite3
  • tshark
  • zlib1g

mfbc
root@kali:~# mfbc -h
mfbc v1.2.2
Internet Traffic Decoder (NFAT).
See http://www.xplico.org for more information.

Copyright 2007-2019 Gianluca Costa & Andrea de Franceschi and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

This product includes GeoLite data created by MaxMind, available from http://www.maxmind.com/.

usage: mfbc [-h] [-s] [-l] [-i] [-c <config_file>] -p <port>
	-c config file
	-s silent
	-p connection port
	-i info (PEI generated by this manipulator)
	-l print all log in the screen
	-h this help
	NOTE: parameters MUST respect this order!


mfile
root@kali:~# mfile -h
mfile v1.2.2
Internet Traffic Decoder (NFAT).
See http://www.xplico.org for more information.

Copyright 2007-2019 Gianluca Costa & Andrea de Franceschi and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

This product includes GeoLite data created by MaxMind, available from http://www.maxmind.com/.

usage: mfile [-h] [-s] [-l] [-i] [-c <config_file>] -p <port>
	-c config file
	-s silent
	-p connection port
	-i info (PEI generated by this manipulator)
	-l print all log in the screen
	-h this help
	NOTE: parameters MUST respect this order!


mpaltalk
root@kali:~# mpaltalk -h
mpaltalk v1.2.2
Internet Traffic Decoder (NFAT).
See http://www.xplico.org for more information.

Copyright 2007-2019 Gianluca Costa & Andrea de Franceschi and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

This product includes GeoLite data created by MaxMind, available from http://www.maxmind.com/.

usage: mpaltalk [-h] [-s] [-l] [-i] [-c <config_file>] -p <port>
	-c config file
	-s silent
	-p connection port
	-i info (PEI generated by this manipulator)
	-l print all log in the screen
	-h this help
	NOTE: parameters MUST respect this order!


mwmail
root@kali:~# mwmail -h
mwmail v1.2.2
Internet Traffic Decoder (NFAT).
See http://www.xplico.org for more information.

Copyright 2007-2019 Gianluca Costa & Andrea de Franceschi and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

This product includes GeoLite data created by MaxMind, available from http://www.maxmind.com/.

usage: mwmail [-h] [-s] [-l] [-i] [-c <config_file>] -p <port>
	-c config file
	-s silent
	-p connection port
	-i info (PEI generated by this manipulator)
	-l print all log in the screen
	-h this help
	NOTE: parameters MUST respect this order!


trigcap
root@kali:~# trigcap -h

usage: trigcap [-v] -f <input_file> -t <pkt num> -b <pkt numbers before> -a <pkt numbers after> -o <output_file> [-h]
	-v version
	-f input pcap file
	-t trigger packet number
	-b packet numbers before trigger packet
	-a packet numbers after trigger packet
	-o output pcap file
	-h this help
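The trigcap options above (-t trigger packet, -b packets before, -a packets after) describe a simple carving operation: keep a numbered window of packets around one packet of interest so that a large capture can be reduced to the part an analyst actually needs. The following Python script is an added illustration of that operation and is not Xplico's or trigcap's own code; the function names (parse_pcap, carve_window, trigcap_like, sample_capture) and the constructed ten-frame capture are assumptions made for the example. It handles only the classic little-endian pcap format, numbers packets 1-based as tshark and Wireshark do, and clips the window to the capture bounds rather than failing when -b or -a reach past either end.

```python
"""Carve a window of packets around a trigger packet from a pcap blob.

Added example, not Xplico/trigcap code: reproduces what trigcap's -t/-b/-a
options describe (keep packet t, b packets before it, a packets after it)
using only the standard library. Packet numbers are 1-based.
"""
import struct
from typing import List, Tuple

PCAP_MAGIC_USEC = 0xA1B2C3D4  # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1

# (ts_sec, ts_usec, raw frame bytes)
Packet = Tuple[int, int, bytes]


def build_pcap(packets: List[Packet], linktype: int = LINKTYPE_ETHERNET) -> bytes:
    """Serialise packets as a classic pcap: 24-byte global header + records."""
    out = bytearray(struct.pack("<IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, 65535, linktype))
    for ts_sec, ts_usec, data in packets:
        # record header: ts_sec, ts_usec, captured length, original length
        out += struct.pack("<IIII", ts_sec, ts_usec, len(data), len(data))
        out += data
    return bytes(out)


def parse_pcap(blob: bytes) -> Tuple[int, List[Packet]]:
    """Parse a classic little-endian pcap blob into (linktype, packets).

    Rejects other magics (pcapng, big-endian) and truncated records instead of
    silently returning a partial capture.
    """
    if len(blob) < 24:
        raise ValueError("truncated pcap global header")
    magic = struct.unpack("<I", blob[:4])[0]
    if magic != PCAP_MAGIC_USEC:
        raise ValueError("unsupported pcap magic 0x%08x" % magic)
    linktype = struct.unpack("<I", blob[20:24])[0]
    packets: List[Packet] = []
    off = 24
    while off + 16 <= len(blob):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack("<IIII", blob[off:off + 16])
        off += 16
        if off + incl_len > len(blob):
            raise ValueError("truncated packet record at offset %d" % off)
        packets.append((ts_sec, ts_usec, blob[off:off + incl_len]))
        off += incl_len
    return linktype, packets


def carve_window(packets: List[Packet], trigger: int, before: int, after: int) -> List[Packet]:
    """Return packets numbered trigger-before .. trigger+after (1-based), clipped to the capture."""
    if trigger < 1 or trigger > len(packets):
        raise ValueError("trigger packet %d out of range 1..%d" % (trigger, len(packets)))
    start = max(1, trigger - before)
    end = min(len(packets), trigger + after)
    return packets[start - 1:end]


def trigcap_like(blob: bytes, trigger: int, before: int, after: int) -> bytes:
    """Equivalent of 'trigcap -f in -t trigger -b before -a after -o out' on in-memory bytes."""
    linktype, packets = parse_pcap(blob)
    return build_pcap(carve_window(packets, trigger, before, after), linktype)


def sample_capture() -> bytes:
    """Constructed ten-frame capture; the last byte of each frame is its packet number."""
    frames = []
    for n in range(1, 11):
        eth = b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00"  # dst, src, EtherType
        frames.append((1700000000 + n, 0, eth + b"demo" + bytes([n])))
    return build_pcap(frames)


if __name__ == "__main__":
    window = trigcap_like(sample_capture(), trigger=5, before=2, after=3)
    _, kept = parse_pcap(window)
    print("kept packet numbers:", [p[2][-1] for p in kept])
```

Run as-is it carves packets 3 to 8 out of the constructed capture. To work on a real file, read it with `open(path, "rb").read()` and write the returned bytes back out; the carved file is a valid pcap that tshark or Xplico's pcap module will accept.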


xplico
root@kali:~# xplico -h
xplico v1.2.2
Internet Traffic Decoder (NFAT).
See http://www.xplico.org for more information.

Copyright 2007-2019 Gianluca Costa & Andrea de Franceschi and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

This product includes GeoLite data created by MaxMind, available from http://www.maxmind.com/.

usage: xplico [-v] [-c <config_file>] [-h] [-s] [-g] [-l] [-i <prot>] -m <capute_module>
	-v version
	-c config file
	-h this help
	-i info of protocol 'prot' 
	-g display graph-tree of protocols
	-l print all log in the screen
	-s print every second the deconding status
	-m capture type module
	NOTE: parameters MUST respect this order!


xplico-webui
root@kali:~# xplico-webui -h
[i] Something is already using port: 9876/tcp
COMMAND     PID     USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
apache2 3753455     root    6u  IPv6 1590993      0t0  TCP *:9876 (LISTEN)
apache2 3753536 www-data    6u  IPv6 1590993      0t0  TCP *:9876 (LISTEN)
apache2 3753540 www-data    6u  IPv6 1590993      0t0  TCP *:9876 (LISTEN)
apache2 3753546 www-data    6u  IPv6 1590993      0t0  TCP *:9876 (LISTEN)
apache2 3753550 www-data    6u  IPv6 1590993      0t0  TCP *:9876 (LISTEN)
apache2 3753555 www-data    6u  IPv6 1590993      0t0  TCP *:9876 (LISTEN)

UID          PID    PPID  C STIME TTY      STAT   TIME CMD
root     3753455       1  0 06:47 ?        Ss     0:00 /usr/sbin/apache2 -k start
www-data 3753536 3753455  0 06:47 ?        S      0:00 /usr/sbin/apache2 -k start
www-data 3753540 3753455  0 06:47 ?        S      0:00 /usr/sbin/apache2 -k start
www-data 3753546 3753455  0 06:47 ?        S      0:00 /usr/sbin/apache2 -k start
www-data 3753550 3753455  0 06:47 ?        S      0:00 /usr/sbin/apache2 -k start
www-data 3753555 3753455  0 06:47 ?        S      0:00 /usr/sbin/apache2 -k start

[*] Please wait for the Xplico service to start.
[*]
[*] You might need to refresh your browser once it opens.
[*]
[*]  Web UI: http://127.0.0.1:9876


xplico-webui-stop
root@kali:~# xplico-webui-stop -h
* apache2.service - The Apache HTTP Server
     Loaded: loaded (/usr/lib/systemd/system/apache2.service; disabled; preset: disabled)
     Active: inactive (dead)
       Docs: https://httpd.apache.org/docs/2.4/

Feb 26 06:47:37 kali systemd[1]: Starting apache2.service - The Apache HTTP Server...
Feb 26 06:47:37 kali apachectl[3753402]: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
Feb 26 06:47:37 kali systemd[1]: Started apache2.service - The Apache HTTP Server.
Feb 26 06:47:52 kali systemd[1]: Stopping apache2.service - The Apache HTTP Server...
Feb 26 06:47:52 kali apachectl[3787740]: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
Feb 26 06:47:52 kali systemd[1]: apache2.service: Deactivated successfully.
Feb 26 06:47:52 kali systemd[1]: Stopped apache2.service - The Apache HTTP Server.

* xplico.service - Xplico
     Loaded: loaded (/usr/lib/systemd/system/xplico.service; disabled; preset: disabled)
     Active: inactive (dead)
       Docs: https://www.xplico.org/docs

Feb 26 06:47:37 kali systemd[1]: Starting xplico.service - Xplico...
Feb 26 06:47:37 kali systemd[1]: xplico.service: Can't open PID file /run/dema.pid (yet?) after start: No such file or directory
Feb 26 06:47:37 kali systemd[1]: Started xplico.service - Xplico.
Feb 26 06:47:52 kali systemd[1]: Stopping xplico.service - Xplico...
Feb 26 06:47:52 kali systemd[1]: xplico.service: Deactivated successfully.
Feb 26 06:47:52 kali systemd[1]: Stopped xplico.service - Xplico.

Updated on: 2024-Mar-11