I have posted a request in the Helix forum for the upgrade of PyFLAG, the latest PyFLAG which is version 0.78 has a new function called Network Forensic. Now you can load your pcap file into PyFLAG web interface, and access to the packet content to perform Network Forensic. Hereby I have posted the screenshots of Helix 1.7 and PyFLAG-0.78, I have downloaded the pcap file from taosecurity.blogspot.com and load it to the PyFLAG for packet navigation.
The new and shiny Helix :]
This is PyFLAG in Helix, loading single packet content in it's web gui. There are functions like Browse HTTP request and etc to ease your work.The only thing I feel dissapointed about Helix is that Sguil client no longer available, but maybe that's the purpose of Helix, which is Forensic Centric, however one should know you may able to perform Network Forensic with Sguil.
No comments:
Post a Comment