virtualbox-host-only-network-cuckoo-sandbox-0-4-2/

http://precisionsec.com/virtualbox-host-only-network-cuckoo-sandbox-0-4-2/

virtualbox 설치 후 (cuckoo)agent.py와 xmlrpc로 연결되려면 host-only interface를 연결해야함

host-only 연결이지만 방화벽 설정 해주면 nat같이 사용가능. 아래 참조.

The purpose of this post is to guide you through setting up host-only networking using VirtualBox for Cuckoo Sandbox. Using this method you can have multiple analysis machines running on the same server concurrently while giving all of them access to the Internet. This method is preferred over bridged networking because you only need one external IP. This post assumes that you have Virtualbox and your guest VMs installed and Cuckoo extracted somewhere.

First create a host-only interface on host:

vboxmanage hostonlyif create
vboxmanage hostonlyif ipconfig vboxnet0 --ip 192.168.56.1

Now you should see vboxnet0 configured with that IP when running ifconfig:

vboxnet0  Link encap:Ethernet  HWaddr 0A:00:27:00:00:00  
          inet addr:192.168.56.1  Bcast:192.168.56.255  Mask:255.255.255.0
          inet6 addr: fe80::800:27ff:fe00:0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:273 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 b)  TX bytes:31818 (31.0 KiB)

Next you need to set the NIC on the guest Virtual Machine as a host only interface. This can be done with the following commands:

vboxmanage modifyvm CuckooBox --hostonlyadapter1 vboxnet0
vboxmanage modifyvm CuckooBox --nic1 hostonly

Now you will have to set up networking on the guest to use the host as a gateway. I use the following settings:

Static IP - 192.168.56.101
DNS - any DNS server (8.8.8.8)
Default Gateway - 192.168.56.1

In order to have your Virtual Machines be able to access the internet you will have to add the followingiptables rules. This will forward packets through the host and on to the Internet:

iptables -A FORWARD -o eth0 -i vboxnet0 -s 192.168.56.0/24 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A POSTROUTING -t nat -j MASQUERADE

You will also need to enable IP forwarding on the host by issuing the following command (as root):

echo 1 > /proc/sys/net/ipv4/ip_forward

If everything worked properly you should now have Internet connectivity from the guest to the Internet and you should be able to ping back and forth between the guest and the host.

Now you need to install the agent on the guest and edit the conf/virtualbox.conf file with the correct parameters as outlined in the Cuckoo documentation, set up your snapshot and you are in business.