This repository has been archived by the owner on Apr 16, 2021. It is now read-only.
Doug Burks edited this page Nov 14, 2017 · 15 revisions

Description

From http://www.xplico.org/about:

The goal of Xplico is to extract from an internet traffic capture the applications data contained. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn’t a network protocol analyzer. Xplico is an open source Network Forensic Analysis Tool (NFAT).

Enabling

Xplico is disabled by default in modern versions of Setup. This is controlled by the XPLICO_ENABLED setting in /etc/nsm/securityonion.conf.

Logging In

From http://wiki.xplico.org/doku.php?id=interface:

The default username and password are:
username: xplico
password: xplico

The default admin username and password are:
username: admin
password: xplico

More Information

For more information, please see:
http://www.xplico.org/

Removing

If you don't use Xplico, you should remove it as follows.

Disable Xplico in /etc/nsm/securityonion.conf:

sudo sed -i 's|XPLICO_ENABLED=yes|XPLICO_ENABLED=no|g' /etc/nsm/securityonion.conf

Install all updates to ensure you're running the latest version of the securityonion-iso metapackage:

sudo soup

Remove Xplico and its dependencies:

sudo apt purge lame libgeoip-dev libjson-c-dev libmp3lame0 librecode0 php5-sqlite python3-httplib2 python3-psycopg2 recode securityonion-ndpi sqlite3 xplico

Remove Xplico shortcuts:

sudo rm /home/*/Desktop/securityonion-xplico*
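
To confirm the removal steps above took effect, the checks below can be run afterwards. This is an added example, not part of the original wiki page or the Security Onion project; the function names are hypothetical, and it assumes securityonion.conf uses plain KEY=value lines where the last assignment wins. The sed command above only rewrites the exact string XPLICO_ENABLED=yes, so a quoted or upper-case value is left enabled and shows up here.

```bash
#!/usr/bin/env bash
# Added example (not from the Security Onion project): post-removal checks.
# Paths and package names are the ones listed on this page; function names are hypothetical.
CONF_DEFAULT=/etc/nsm/securityonion.conf
XPLICO_PKGS="lame libgeoip-dev libjson-c-dev libmp3lame0 librecode0 php5-sqlite python3-httplib2 python3-psycopg2 recode securityonion-ndpi sqlite3 xplico"

# Print the effective XPLICO_ENABLED value: last assignment (assumed to win),
# trailing comment and quotes stripped, lowercased. Prints "unset" if absent.
xplico_setting() {
    local conf="${1:-$CONF_DEFAULT}" val
    val=$(sed -n 's/^[[:space:]]*XPLICO_ENABLED=//p' "$conf" | tail -n 1)
    val=${val%%#*}
    val=$(printf '%s' "$val" | tr -d "\"' \t\r" | tr '[:upper:]' '[:lower:]')
    printf '%s\n' "${val:-unset}"
}

# Succeed only when the setting is exactly "no".
xplico_disabled() { [ "$(xplico_setting "$1")" = "no" ]; }

# List packages from the purge step that dpkg still tracks in any state other
# than not-installed (for example "ii" installed, "rc" config files left behind).
xplico_leftover_pkgs() {
    local pkg status
    for pkg in $XPLICO_PKGS; do
        status=$(dpkg-query -W -f='${db:Status-Abbrev}' "$pkg" 2>/dev/null) || continue
        case "$status" in
            ?n*) ;;                                   # not installed / purged
            *)   printf '%s %s\n' "$pkg" "$status" ;;
        esac
    done
}

# List desktop shortcuts that survived the rm step (home root defaults to /home).
xplico_shortcuts() {
    local root="${1:-/home}" f
    for f in "$root"/*/Desktop/securityonion-xplico*; do
        if [ -e "$f" ]; then printf '%s\n' "$f"; fi
    done
}

# Run all three checks against the live system when called with --check.
if [ "${1:-}" = "--check" ]; then
    echo "XPLICO_ENABLED: $(xplico_setting)"
    echo "Packages still present:";  xplico_leftover_pkgs
    echo "Shortcuts still present:"; xplico_shortcuts
fi
```

An empty list under both headings and a setting of `no` mean the removal is complete.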