Xplico.org
http://forum.xplico.org/

Trying with Kali. Stuck with: Manipulator webymsg error
http://forum.xplico.org/viewtopic.php?f=3&t=571

Author:  ttsoares [ Fri Oct 07, 2016 10:12 pm ]
Post subject:  Trying with Kali. Stuck with: Manipulator webymsg error

Kali 2.0, fully updated. Xplico installed from regular repository.
Using only console:

# /usr/bin/xplico -m rltm -i eth0
xplico v1.1.2
Internet Traffic Decoder (NFAT).
See http://www.xplico.org for more information.

Copyright 2007-2014 Gianluca Costa & Andrea de Franceschi and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

This product includes GeoLite data created by MaxMind, available from http://www.maxmind.com/.
Limits changed
Configuration file (/opt/xplico/cfg/xplico_cli.cfg) found!
Error Opening file
Error Opening file GeoLiteCity.dat
Error Opening file GeoIP.dat
Error Opening file
Error Opening file GeoLiteCity.dat
Error Opening file GeoIP.dat
Error Opening file
Error Opening file GeoLiteCity.dat
Error Opening file GeoIP.dat
Error Opening file
Error Opening file GeoLiteCity.dat
Error Opening file GeoIP.dat

After about 20 seconds

Manipulator webymsg error
Dispatch to manipulator initialization error

What am I missing?
(Beyond experience with Xplico :-)

Author:  gianluca.costa [ Sun Oct 09, 2016 9:15 am ]
Post subject:  Re: Trying with Kali. Stuck with: Manipulator webymsg erro

Hi ttsoares,
it may be a bug in the webymsg manipulator.
webymsg was designed to manage Yahoo! Web Messenger, but I suppose that now Yahoo! Web Messenger is not the same.

Try to disable the manipulator. I don't know where the Xplico configuration files are on Kali, maybe in /opt/xplico/cfg/; try to find xplico_cli.cfg and comment out the line:

Code:
MANIP=webymsg MPBIN=/opt/xplico/bin/mwebymsg


Have you the possibility to send me the pcap file?

Ciao.
Gianluca

Author:  ttsoares [ Sun Oct 09, 2016 1:55 pm ]
Post subject:  Re: Trying with Kali. Stuck with: Manipulator webymsg erro

Wonderful !! Some light did appear and it is from the author :-)

I did what you suggested and now something did change. The error disappeared and now the command

/usr/bin/xplico -m rltm -i eth0

seems to be downloading something and the last output line is:

Download GeoLiteCity.dat from http://geolite.maxmind.com/download/geoip/database/ and gunzip and see config files

It is doing something... I will wait until the prompt comes back.

As soon as something happens here I will post the results.

I am not yet analyzing captured traffic. Just want to see Xplico working while sniffing eth0.

THANK YOU !!

------------

I have many years of experience with GNU/Linux but am just starting at the security/forensics context.

Author:  ttsoares [ Sun Oct 09, 2016 6:21 pm ]
Post subject:  Re: Trying with Kali. Stuck with: Manipulator webymsg erro

Back again.

After several hours the process did not come back from that download.

I stopped the process with Ctrl-C and no message came back.

Would it be useful to try to strace the execution?

Author:  gianluca.costa [ Sun Oct 09, 2016 8:55 pm ]
Post subject:  Re: Trying with Kali. Stuck with: Manipulator webymsg erro

Hi,

xplico doesn't download anything... the message is only a suggestion, you have to download the GeoliteCity DB and gunzip it (if you want).

xplico stops (freezes) because (this is a hypothesis) there is a semaphore (only when xplico is used from the CLI). Before starting xplico, remove this file: /dev/shm/sem.xplico_kml_sem

This file/semaphore may not be deleted if xplico (or a manipulator) crashes ... and you find yourself in this situation.

Ciao.
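
The two workarounds gianluca.costa describes in this thread (commenting out the MANIP=webymsg line, and removing a leftover /dev/shm/sem.xplico_kml_sem before a CLI run), as an added shell example that is not part of the thread or of Xplico itself. It assumes '#' is the comment character in xplico_cli.cfg and that the process is named xplico; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Xplico's own tooling. Paths in the usage note come from
# the thread; '#' as the config comment character is an assumption.

# Comment out the active MANIP=webymsg line in a config file (idempotent).
# Keeps a .bak copy the first time it changes anything. Returns 0 on success.
disable_webymsg() {
    cfg=$1
    [ -f "$cfg" ] || { echo "config not found: $cfg" >&2; return 1; }
    # Nothing to do if no uncommented MANIP=webymsg line remains.
    grep -Eq '^[[:space:]]*MANIP=webymsg([[:space:]]|$)' "$cfg" || return 0
    [ -e "$cfg.bak" ] || cp -p "$cfg" "$cfg.bak" || return 1
    tmp=$(mktemp) || return 1
    # Write through cat so the original file keeps its owner and mode.
    sed -E 's/^[[:space:]]*MANIP=webymsg([[:space:]]|$)/#&/' "$cfg" > "$tmp" \
        && cat "$tmp" > "$cfg"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Remove a leftover semaphore file, but only when no xplico process is alive,
# because a running instance may still be using it.
# Returns 0 if the file is gone afterwards, 2 if xplico is still running.
clear_stale_sem() {
    sem=$1
    [ -e "$sem" ] || return 0
    if command -v pgrep >/dev/null 2>&1 && pgrep -x xplico >/dev/null 2>&1; then
        echo "xplico is running; leaving $sem in place" >&2
        return 2
    fi
    rm -f -- "$sem"
}

# Usage before a CLI run (paths as given in the thread):
#   disable_webymsg /opt/xplico/cfg/xplico_cli.cfg
#   clear_stale_sem /dev/shm/sem.xplico_kml_sem
```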

Author:  ttsoares [ Tue Oct 11, 2016 7:35 pm ]
Post subject:  Re: Trying with Kali. Stuck with: Manipulator webymsg erro

OK. This is in case you are in the mood to keep looking at this:

- I downloaded from here: http://dev.maxmind.com/geoip/geoip2/geolite2/

These files:
GeoLite2-City.mmdb.gz
GeoLite2-Country.mmdb.gz

Apart from decompressing, where should I put those to please Xplico?

This did not help in trying to find the configuration for where to put the files:

root@kali:/opt/xplico/cfg# grep -i -R GeoLite *

Finally, files such as /dev/shm/sem.xplico_kml_sem
usually vanish after a reboot... So I do not understand how it is related to the issue in question.

-------------------------

Could you suggest a Linux distribution where Xplico works readily after being installed?

All times are UTC