View Issue Details

ID: 0003065
Project: Kali Linux
Category: Kali Package Bug
View Status: public
Last Update: 2016-07-28 21:14
Reporter: rodgermoore
Assigned To: sbrun
Priority: normal
Severity: crash
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 2016.1
Summary: 0003065: Xplico not working in USB persistence mode after installation
Description

Kali 2016.1 USB persistence mode
After installing Xplico (1.1.2) by running apt-get install xplico, both cli and webgui are not functioning. Uploading a pcap file using the webgui makes xplico go into an infinite processing loop. Using cli, parsing a pcap immediately stops Xplico. Logfile in /opt/xplico/tmp shows the following error:

19:44:35 [CORE]{c}-ERROR: Can't load module /opt/xplico/bin/modules/dis_tcp_grb.so: undefined symbol: ndpi_protocol2name
19:44:35 [CORE]{c}-FATAL: Load modules failed

I also posted this problem on the Xplico forum: http://forum.xplico.org/viewtopic.php?f=4&t=561. Now I think this is Kali related because the Kali repo seems to have an error in how Xplico is installed and dynamic linking is set up.

Furthermore, this seems important info from the developer of Xplico: The original source code of Xplico uses nDPI statically. This is why nDPI must be compiled before Xplico and its source code must be in the same level (parent dir) of Xplico. The modules (dissectors) which use nDPI are:

tcp_grb
udp_grb
tcp_ca (added on xplico 1.1.2)
udp_ca (added on xplico 1.1.2)

If you are using a modified version of Xplico where the nDPI is linked dynamically to Xplico, try to see where the nDPI has been installed in your distro, for example by seeing where xplico links the nDPI library.

Steps To Reproduce

01 - Run Kali USB persistence mode.
02 - apt-get install xplico

03 - To run webgui
03 A service apache2 restart
03 B run /opt/xplico/script/sqlite_demo.sh
03 C go to http://localhost:9876
03 D login using xplico xplico
03 E create a new case and a new session
03 F upload a pcap file (not too big for testing, 10 megs is fine)
03 G open top or htop and filter xplico (F4 key) notice respawning processes
03 H kill xplico (infinite loop)
03 I finished

04 A To run cli mode
04 B cd /opt/xplico/bin
04 C run xplico to a pcap example: ./xplico -m pcap ~/Documents/test.pcap
04 D notice it finishes immediately
04 E check log: cat /opt/xplico/bin/tmp/xplico_DATESTAMP.log
04 F notice last 2 lines:
[CORE]{c}-ERROR: Can't load module /opt/xplico/bin/modules/dis_tcp_grb.so: undefined symbol: ndpi_protocol2name
[CORE]{c}-FATAL: Load modules failed
04 G finished
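
One way to follow the developer's suggestion above and confirm which nDPI symbols a module cannot resolve, as an added example that is not part of the original ticket. It assumes `nm` and `ldd` are installed; the function names and the sample `nm -D` output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the ticket): list ndpi_* symbols that a dissector
# module imports but the libndpi it is linked against does not export.

# $1 = `nm -D` output of the module, $2 = `nm -D` output of the library.
missing_ndpi_symbols() {
    awk '
        { sub(/@.*/, "", $NF) }              # strip symbol-version suffixes
        FILENAME == ARGV[1] {                # module: undefined ndpi_* imports
            if ($1 == "U" && $2 ~ /^ndpi_/) need[$2] = 1
            next
        }
        NF == 3 && $2 ~ /^[TDBRWV]$/ { have[$3] = 1 }   # library: defined exports
        END { for (s in need) if (!(s in have)) print s }
    ' "$1" "$2" | sort
}

# $1 = module path, $2 = library path (optional; resolved with ldd if omitted).
# ldd can run code from the file it inspects: use it on package-installed files only.
check_module() {
    lib=$2
    [ -n "$lib" ] || lib=$(ldd "$1" | awk '/libndpi/ && $3 ~ /^\// { print $3; exit }')
    [ -n "$lib" ] || { echo "libndpi not resolved for $1" >&2; return 2; }
    m=$(mktemp) && l=$(mktemp) || return 2
    nm -D "$1" > "$m" && nm -D "$lib" > "$l" && missing_ndpi_symbols "$m" "$l"
    rc=$?; rm -f "$m" "$l"; return $rc
}

# Constructed sample `nm -D` output (not taken from a real Kali system).
demo() {
    d=$(mktemp -d) || return 2
    cat > "$d/module.nm" <<'EOF'
                 U ndpi_detection_process_packet
                 U ndpi_protocol2name
                 U memcpy@GLIBC_2.14
0000000000004a10 T example_dissector_init
EOF
    cat > "$d/lib.nm" <<'EOF'
0000000000011f40 T ndpi_detection_process_packet
0000000000012c80 T ndpi_get_proto_name
                 U malloc@GLIBC_2.2.5
EOF
    missing_ndpi_symbols "$d/module.nm" "$d/lib.nm"
    rm -rf "$d"
}

# With arguments: check a real module. Without: run the constructed demo.
if [ "$#" -gt 0 ]; then check_module "$@"; else demo; fi
```

Pass the module path from the log line as the first argument; an empty result means every imported ndpi_* symbol is exported by the resolved library.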

Activities

sbrun


2016-03-23 13:34

manager   ~0005011

This issue is now fixed with the new version of libndpi 1.7.1~git20151130.6f3d5a7-1. Some symbols were missing in the previous version in Kali.
But I have another error:
"Manipulator webymsg error
Dispatch to manipulator initialization error"

rhertzog


2016-07-12 21:05

administrator   ~0005538

rodgermoore, does the latest xplico work fine for you now?

rhertzog


2016-07-28 21:14

administrator   ~0005613

Closing ticket since reporter did not respond.

Issue History

Date Modified Username Field Change
2016-02-13 11:41 rodgermoore New Issue
2016-03-23 13:34 sbrun Note Added: 0005011
2016-03-23 13:34 sbrun Assigned To => sbrun
2016-03-23 13:34 sbrun Status new => confirmed
2016-07-12 21:05 rhertzog Note Added: 0005538
2016-07-12 21:05 rhertzog Status confirmed => feedback
2016-07-28 21:14 rhertzog Note Added: 0005613
2016-07-28 21:14 rhertzog Status feedback => closed
2016-07-28 21:14 rhertzog Resolution open => fixed