Xplico is an NFAT, or Network Forensics Analysis Tool, that is designed either to capture traffic in real-time sessions or to provide an interface to upload PCAP (Packet Capture Data) files for analysis. The current version in Backtrack Linux 5 release 3 is 0.7; however, the latest Xplico version is Xplico 1.0.1. I believe there are some dependencies required in the later versions of Xplico, so I will write an updated article once Backtrack 6 comes up and the latest version of Xplico can easily be installed.
I have been playing around with Xplico, which is an NFAT (Network Forensics Analysis Tool) included in Backtrack Linux. It is a pretty cool application, though there are some things I am still figuring out or that may be caused by the version being older in Backtrack. One of the main issues I could see new Xplico users running into is actually noted numerous times on Xplico’s website, so I simply wanted to expand on what has already been noted there. If you are having issues uploading pcap files via the Xplico web interface, then it is likely related to the size of the pcap file and the size that the Apache web server will accept. Use the information below to modify the web server configuration to allow larger files to be uploaded.
We have had a couple of requests to write a post about readpst, which is included in the default path of Backtrack 5 and also located in the Backtrack menu underneath Forensics/Forensics Analysis Tools. The readpst application will read PST files, which are also known as Microsoft Outlook Personal Folders, and convert them to mbox, MH, or KMail formats. There are various other switches that can be used to output each email into a separate file, include attachments, modify contact formats, be recursive, etc. I will explain basic functionality below along with a couple of the formats and various switches.
After upgrading a bunch of WordPress plugins on a site, I noticed that comments were not functional on my site for users that were not logged in. This can always be tricky because if someone reports comments not working to the WordPress site administrator, they likely will be logged in when they test the comments and think there is nothing wrong. Anyhow, if comments are throwing an error and you have the SI Captcha Anti-SPAM WordPress plugin installed, then the below content will assist you to resolve the problem.
If you ever need to write a shell script that uses either SSH or SCP to connect to unknown hosts, then you will likely have run across the issue of adding the remote host/server to the known_hosts file when either of the two commands is called within the script. You can easily get around this either by modifying the client computer's ssh_config file or by using the -o switch available for both SSH (Secure Shell) and SCP (Secure Copy). Below we show how to modify the ssh_config file as well as an example of using each with the -o switch.