WireShark

WireShark

This list wouldn’t be complete without the ever popular WireShark. WireShark is an interactive network protocol analyzer and capture utility. It provides for in-depth inspection of hundreds of protocols and runs on multiple platforms.

P2 eXplorer Free

P2 eXplorer Free

P2 eXplorer is a forensic image mounting tool that allows you to mount a forensic image as a physical disk

Network Forensic Analysis Tool

Xplico is an open source Network Forensic Analysis Tool (NFAT) that aims to extract applications data from internet traffic
(e.g. Xplico can extract an e-mail message from POP, IMAP or SMTP traffic). Features include support for a multitude of protocols (e.g. HTTP, SIP, IMAP, TCP, UDP), TCP reassembly, and the ability to output data to a MySQL or SQLite database, amongst others.

12 Xplico

Once you’ve installed Xplico, access the web interface by navigating to http://<IPADDRESS>:9876 and logging in with a normal user account. The first thing you need to do is create a case and add a new session. When you create a new session you can either load a PCAP file (acquired from Wireshark for example) or start a live capture. Once the session has finished decoding, use the navigation menu on the left hand side to view the results.

php navigation

<?php
if($_SERVER['QUERY_STRING'] == "SoD")
 print "owns you!";
else
 print "don't front!";
?>


Description: Instead of calling files like ( index.php?str=blah ) , you could do ( index.php?SoD ) and it would print out "owns you!". You can add more strings in there, this is just an example.