Edit: November 3, 2016. This post was originally written for Cuckoo 0.4.2. It is still current for the latest release candidate (2.0-rc1).
The purpose of this post is to guide you through setting up host-only networking using VirtualBox for Cuckoo Sandbox. Using this method you can have multiple analysis machines running on the same server concurrently while giving all of them access to the Internet. This method is preferred over bridged networking because you only need one external IP. This post assumes that you have Virtualbox and your guest VMs installed and Cuckoo extracted somewhere.
First create a host-only interface on host:
vboxmanage hostonlyif create vboxmanage hostonlyif ipconfig vboxnet0 --ip 192.168.56.1
Now you should see vboxnet0 configured with that IP when running ifconfig:
vboxnet0 Link encap:Ethernet HWaddr 0A:00:27:00:00:00
inet addr:192.168.56.1 Bcast:192.168.56.255 Mask:255.255.255.0
inet6 addr: fe80::800:27ff:fe00:0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:273 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:31818 (31.0 KiB)
Next you need to set the NIC on the guest Virtual Machine as a host only interface. This can be done with the following commands:
vboxmanage modifyvm CuckooBox --hostonlyadapter1 vboxnet0 vboxmanage modifyvm CuckooBox --nic1 hostonly
Now you will have to set up networking on the guest to use the host as a gateway. I use the following settings:
Static IP - 192.168.56.101 DNS - any DNS server (8.8.8.8) Default Gateway - 192.168.56.1
In order to have your Virtual Machines be able to access the internet you will have to add the following iptables rules. This will forward packets through the host and on to the Internet:
iptables -A FORWARD -o eth0 -i vboxnet0 -s 192.168.56.0/24 -m conntrack --ctstate NEW -j ACCEPT iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT iptables -A POSTROUTING -t nat -j MASQUERADE
You will also need to enable IP forwarding on the host by issuing the following command (as root):
echo 1 > /proc/sys/net/ipv4/ip_forward
If everything worked properly you should now have Internet connectivity from the guest to the Internet and you should be able to ping back and forth between the guest and the host.
Now you need to install the agent on the guest and edit the conf/virtualbox.conf file with the correct parameters as outlined in the Cuckoo documentation, set up your snapshot and you are in business.
On some distributions, the host-only interface vboxnet0 will not persist between reboots. One way to have it run on reboot is to use the systemd.service.
First create a bash script to run the vboxmanage commands:
mkdir /opt/systemd/ vim /opt/systemd/vboxhostonly #!/bin/bash vboxmanage hostonlyif create vboxmanage hostonlyif ipconfig vboxnet0 --ip 192.168.56.1 * make sure this file has executable permissions
Next create the vboxhostonlynic.service file in /etc/systemd/system/:
Description=Setup VirtualBox Hostonly Adapter After=vboxdrv.service [Service] Type=oneshot ExecStart=/opt/systemd/vboxhostonly [Install] WantedBy=multi-user.target
Now install the systemd service unit and enable it so it will be executed at the boot time:
systemctl daemon-reload systemctl enable vboxhostonlynic.service
You can check if it works properly by running:
systemctl start vboxhostonlynic.service
Sign up for Free Email Updates
Enter your name and email below to sign up for free daily email updates.
[inbound_forms id=”2447″ name=”Contact Form”]
