kevoreilly / CAPEv2

Malware Configuration And Payload Extraction
https://capesandbox.com/analysis/

Question regarding Network routing and InetSim #2236

Closed artist740 closed 3 months ago

artist740 commented 3 months ago

About accounts on capesandbox.com

This is open source and you are getting free support so be friendly!

Prerequisites

Please answer the following questions for yourself before submitting an issue.

Context

Hello, I have a question about network routing and InetSim. I've set up Cape and Remnux machines, where the Cape machine's default network gateway points to InetSim. I wrote a test PowerShell script that tries to open a page at example.com when it is submitted for analysis. If it gets a 200 response, it then tries to download file.exe from the corresponding website. And now this works because InetSim sends back a 200 response and an empty file for the download.

Right now, I have the routing and internet settings set to "none" to keep the Cape VM off the internet and avoid any connections.

So, my question is: will my current network configuration still work properly if I don't use CAPE Rooter? Or is there a way to use CAPE Rooter without turning on the internet for the machine and route everything to InetSim? I am asking because I am worried that the current setup, with route = none and CAPE Rooter not working, is not right.

I apologize for the inconvenience, but despite reviewing the documentation multiple times, I am still unable to finalize this question. As you are the experts, I would appreciate your assistance. Thanks in advance.

My configurations:

---cuckoo.conf---

[cuckoo]
machinery_screenshots = on
reschedule = on
allow_static = yes

[resultserver]
ip = 192.168.100.1

---kvm.conf---

[kvm]
# Specify a comma-separated list of available machines to be used. For each
# specified ID you have to define a dedicated section containing the details
# on the respective machine. (E.g. cuckoo1,cuckoo2,cuckoo3)
machines = win10

interface = virbr1
# To connect to local or remote host
dsn = qemu:///system

[win10]
# Specify the label name of the current machine as specified in your
# libvirt configuration.
label = win10

# Specify the operating system platform used by current machine
# [windows/darwin/linux].
platform = windows

# Specify the IP address of the current virtual machine. Make sure that the
# IP address is valid and that the host machine is able to reach it. If not,
# the analysis will fail. You may want to configure your network settings in
# /etc/libvirt/<hypervisor>/networks/
ip = 192.168.100.171

# Specify tags to display
# Tags may be used to specify on which guest machines a sample should be run
# NOTE - One of the following OS version tags MUST be included for Windows VMs:
# winxp,win7, win10, win11
# Some samples will only detonate on specific versions of Windows (see web.conf packages for more info)
# Example: MSIX - Windows >= 10
# tags = winxp,acrobat_reader_6

# (Optional) Specify the snapshot name to use. If you do not specify a snapshot
# name, the KVM MachineManager will use the current snapshot.
# Example (Snapshot1 is the snapshot name):
snapshot = snapshot5

# (Optional) Specify the name of the network interface that should be used
# when dumping network traffic from this machine with tcpdump. If specified,
# overrides the default interface specified in auxiliary.conf
# Example (virbr0 is the interface name):
interface = virbr1

# (Optional) Specify the IP of the Result Server, as your virtual machine sees it.
# The Result Server will always bind to the address and port specified in cuckoo.conf,
# however you could set up your virtual network to use NAT/PAT, so you can specify here
# the IP address for the Result Server as your machine sees it. If you don't specify an
# address here, the machine will use the default value from cuckoo.conf.
# NOTE: if you set this option you have to set result server IP to 0.0.0.0 in cuckoo.conf.
# Example:
resultserver_ip = 192.168.100.1

# (Optional) Specify the port for the Result Server, as your virtual machine sees it.
# The Result Server will always bind to the address and port specified in cuckoo.conf,
# however you could set up your virtual network to use NAT/PAT, so you can specify here
# the port for the Result Server as your machine sees it. If you don't specify a port
# here, the machine will use the default value from cuckoo.conf.
# Example:
resultserver_port = 2042

# Set the machine architecture
# Required to auto select proper machine architecture for sample
# x64 or x86
arch = x64

# (Optional) Specify whether or not the machine should be reserved, meaning that it will
# only be used for a detonation if specifically requested by its label.
# reserved = no

---routing.conf---

[routing]
enable_pcap = yes

route = none
internet = none
rt_table = virbr1
verify_interface = yes

[inetsim]
enabled = yes
server = 192.168.100.221
dnsport = 53
interface = virbr1

---auxiliary.conf---

[auxiliary_modules]
procmon = no
human_windows = yes
human_linux = yes

[gateways]
RTR1 = 192.168.122.1
RTR2 = 192.168.100.1
INETSIM = 192.168.100.221


doomedraven commented 3 months ago

Well, if you did that on the gateway side, you don't need the router.
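To make the question and the reply concrete, here is an added consistency check (not CAPE's own code) over the routing.conf and kvm.conf fragments posted above; it assumes a /24 analysis network and takes the guest's own default gateway as a parameter, since that value lives inside the VM rather than in any CAPE file.

```python
import configparser
import ipaddress

# Constructed copies of the fragments posted in the issue above.
ROUTING_CONF = """[routing]
route = none
internet = none
rt_table = virbr1
[inetsim]
enabled = yes
server = 192.168.100.221
interface = virbr1
"""
KVM_CONF = """[kvm]
machines = win10
interface = virbr1
[win10]
ip = 192.168.100.171
interface = virbr1
"""

def _parse(text):
    cp = configparser.ConfigParser()
    cp.read_string(text)
    return cp

def check_inetsim_routing(routing_text, kvm_text, guest_gateway, prefix=24):
    """Return a list of findings; an empty list means the layout is consistent.
    guest_gateway is the default gateway set inside the analysis VM (not a CAPE
    option); prefix is the assumed mask of the analysis network."""
    routing, kvm = _parse(routing_text), _parse(kvm_text)
    findings = []
    route = routing.get("routing", "route", fallback="none")
    server = routing.get("inetsim", "server", fallback=None)
    if not routing.getboolean("inetsim", "enabled", fallback=False) or not server:
        return ["[inetsim] is not enabled or has no server address"]
    if routing.get("inetsim", "interface") != kvm.get("kvm", "interface"):
        findings.append("inetsim.interface and kvm.interface differ")
    for name in kvm.get("kvm", "machines").split(","):
        vm_ip = ipaddress.ip_address(kvm.get(name.strip(), "ip"))
        net = ipaddress.ip_network(f"{vm_ip}/{prefix}", strict=False)
        if ipaddress.ip_address(server) not in net:
            findings.append(f"{name}: InetSim {server} is not on {net}")
    if route == "none":
        # With route=none the rooter applies no rules, so where guest traffic
        # ends up is decided solely by the default gateway inside the VM.
        if guest_gateway != server:
            findings.append(f"route=none but guest gateway {guest_gateway} is not InetSim {server}")
    elif route == "inetsim":
        findings.append("route=inetsim is applied by cape-rooter, which must be running")
    return findings
```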