Description
About accounts on capesandbox.com
• Issues aren't the way to ask for account activation. Ping capesandbox on Twitter with your username.
This is open source and you are getting free support so be friendly!
• Free support from doomedraven ended - no whiskey, no support. For updates check the documentation.
Prerequisites
Please answer the following questions for yourself before submitting an issue.
• I am running the latest version
• I did read the README!
• I checked the documentation and found no answer
• I checked to make sure that this issue has not already been filed
• I'm reporting the issue to the correct repository (for multi-repository projects)
• I have read and checked all configs (with all optional parts)
Expected Behavior
I would like to use the internet/dirty line for the analysis but I am unable to find the relevant option in the web/GUI view. Ideally, I want a setup that would provide me options to run analysis through the internet or Inetsim depending on the sample/analysis type. I am not sure if my CAPE configuration is updated with the correct parameters.
Current Behavior
Web/GUI View
I tried to analyze a sample (bat file that I created) that would perform a “nslookup” and use PowerShell to save a webpage on the analysis machine.
When the analysis was run using the “inetsim/fakenet-ng” option, I could see information about the requested DNS lookup but the requested webpage couldn’t be fetched from the internet/Inetsim. FYI, I am running Inetsim on a different (Remnux) VM and don’t see any relevant entries in service.log and in reports.
Enclosing relevant information that would help you in assessing the problem.
1. System setup
a. Physical machine (Windows 10) -> VirtualBox Linux VM (Ubuntu 20.04.4 LTS) running CAPEv2 -> KVM Windows 10 analysis VM
b. I am able to access the internet on the Linux VM
2. Network information
a. Linux VM
b. KVM Windows analysis VM
c. KVM virtual networks
d. Remnux VM
3. Excerpts from relevant config files
a. kvm.conf
```
machines = win10
interface = virbr1
label = win10
platform = windows
ip = 192.168.100.131
snapshot = cape_to_use
```
b. auxiliary.conf
```
[auxiliary_modules]
browser = yes
curtain = no
digisig = yes
disguise = yes
evtx = no
human = yes
procmon = no
screenshots = yes
sysmon = no
tlsdump = yes
usage = no
filepickup = no
permissions = no
pre_script = no
during_script = no
[sniffer]
enabled = yes
interface = virbr1
[gateways]
RTR1 = 192.168.122.1
RTR2 = 192.168.100.1
RTR3 = 10.0.2.15
INETSIM = 192.168.100.130
```
c. routing.conf
```
route = internet
internet = enp0s3
rt_table = enp0s3
verify_interface = yes
[inetsim]
enabled = yes
server = 192.168.100.130
dnsport = 53
interface = virbr1
```
d. cuckoo.conf
```
machinery = kvm
rooter = /tmp/cuckoo-rooter
ip = 192.168.100.1
port = 2042
resolve_dns = on
```
Kindly provide inputs and let me know should you need more information. Thank you for all the efforts!






