Deprecated since version 0.3: Since Cuckoo Sandbox 2.0-RC1 better options exist to handle per-analysis network routing. Please refer to Cuckoo’s official documentation to learn more about this.
By default, every generated Virtual Machine has a host-only network adapter; at the moment this is necessary for VMCloak to work. This adapter is used to talk to Cuckoo. However, because it is host-only, it does not allow the Virtual Machine to reach the internet.
In case you’d like the Virtual Machine to be able to have full access to the internet then that’s also possible of course. However, do take into account that this indirectly allows malware to abuse your internet connection.
There are multiple approaches to getting networking inside the Virtual Machines working - following is the easiest approach. (Other approaches include, but are not limited to, a bridged network adapter, a NAT network, etc.)
To set up full internet access for the Virtual Machines, the following two steps are taken. Note that these steps can also be taken after generating the Virtual Machines, which gives the existing machines internet access as well.
- Set up a host-only network interface
- Run a bash script around iptables(8)
To start off, set up a host-only interface for VirtualBox.
Then run the following bash script as root. For your convenience it can be found on your system by running vmcloak-iptables (the name of this script is subject to change in the future, though).

    #!/bin/sh
    # Copyright (C) 2014-2015 Jurriaan Bremer.
    # This file is part of VMCloak - http://www.vmcloak.org/.
    # See the file 'docs/LICENSE.txt' for copying permission.

    # Credits to Mark Schloesser, https://github.com/rep/cuckoo-contrib

    if [ "$1" = "-h" ]; then
        echo "Usage: $0 [ip_range/cidr] [interfaces..]"
        echo " $0 192.168.57.0/24 eth0 eth1"
        echo
        echo "Defaults to:"
        echo " $0 192.168.56.0/24 eth0 wlan0"
        exit
    fi

    # Fetch the IP range and CIDR.
    if [ "$#" -ne 0 ]; then
        VBOXNET="$1"
        shift
    else
        VBOXNET="192.168.56.0/24"
    fi

    # Fetch the interfaces.
    if [ "$#" -ne 0 ]; then
        INTERFACES="$*"
    else
        INTERFACES="eth0 wlan0"
    fi

    iptables -F
    iptables -t nat -F

    for i in $INTERFACES; do
        iptables -t nat -A POSTROUTING -o $i -s "$VBOXNET" -j MASQUERADE
    done

    # Default drop.
    iptables -P FORWARD DROP

    # Existing connections.
    iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

    # Accept connections from vboxnet to the whole internet.
    iptables -A FORWARD -s "$VBOXNET" -j ACCEPT

    # Internal traffic.
    iptables -A FORWARD -s $VBOXNET -d $VBOXNET -j ACCEPT

    # Log stuff that reaches this point, could be noisy though.
    iptables -A FORWARD -j LOG

    # Actually enable forwarding of packets. This is Debian/Ubuntu specific.
    echo 1 > /proc/sys/net/ipv4/ip_forward

That being said, setting up full internet access for your Virtual Machines boils down to running the following commands:

    VBoxManage hostonlyif create
    VBoxManage hostonlyif ipconfig vboxnet0 --ip 192.168.56.1
    sudo vmcloak-iptables

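The FORWARD rule in the script accepts traffic from the host-only range to any destination, which includes the host's own LAN. The following check is an added example, not part of VMCloak: it reads `iptables -S FORWARD` output and flags private ranges that guests can still reach. The names `sample_rules` and `audit_forward`, the constructed sample listing and the choice of RFC 1918 ranges are assumptions of this example.

```shell
#!/bin/sh
# Added example (not VMCloak code): audit `iptables -S FORWARD` output.
# Constructed sample: the FORWARD chain as listed after the script above
# has run with its default range.
sample_rules() {
    cat <<'EOF'
-P FORWARD DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.56.0/24 -j ACCEPT
-A FORWARD -s 192.168.56.0/24 -d 192.168.56.0/24 -j ACCEPT
-A FORWARD -j LOG
EOF
}

# audit_forward NET: reads rules on stdin, prints one finding per line,
# returns 0 when nothing is flagged and 1 otherwise.
audit_forward() {
    awk -v net="$1" '
    # Value following option `opt` in the current rule, or "".
    function arg(opt,   i) {
        for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
        return ""
    }
    BEGIN {
        # Assumption: the LAN to protect sits in an RFC 1918 range.
        # CIDRs are compared as literal strings, not as address sets.
        n = split("10.0.0.0/8 172.16.0.0/12 192.168.0.0/16", priv, " ")
    }
    $1 == "-P" && $2 == "FORWARD" { policy = $3 }
    $1 == "-A" && $2 == "FORWARD" && !decided && arg("-s") == net {
        dst = arg("-d"); target = arg("-j")
        # First match wins: only blocks listed before the broad ACCEPT count.
        if (target == "DROP" || target == "REJECT") {
            if (dst == "") decided = 1; else blocked[dst] = 1
        } else if (target == "ACCEPT" && dst == "") {
            decided = 1
            for (i = 1; i <= n; i++)
                if (!(priv[i] in blocked)) reach = reach " " priv[i]
        }
    }
    END {
        if (policy != "DROP") { print "FORWARD policy is not DROP"; bad = 1 }
        if (reach != "") { print "guests can reach private ranges:" reach; bad = 1 }
        exit bad + 0
    }'
}

sample_rules | audit_forward 192.168.56.0/24 || true
```

To audit the live chain, run `iptables -S FORWARD | audit_forward 192.168.56.0/24` as root.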