Practical Malware Analysis Lab 3 series: references and troubleshooting

Posted by 许大仙 on February 19, 2020

Setting a static IP on Kali

  • https://blog.csdn.net/qq_42103479/article/details/90116237
  • https://blog.csdn.net/wjy397/article/details/50663442

Configuring Kali for Internet access

https://blog.csdn.net/chenyanhui1087/article/details/53127884

INetSim redirect error: "this module requires the perl nfqueue-bindings!"

https://packages.debian.org/jessie/perl/nfqueue-bindings-perl

INetSim dependencies (mainly libnfqueue-perl)

  • https://www.inetsim.org/packages.html
  • https://www.inetsim.org/requirements.html
  • https://github.com/chifflier/nfqueue-bindings
  • http://secshoggoth.blogspot.com/2009/02/inetsim-installation.html

Attention:

INetSim (https://github.com/isbheis/inetsim-ext)

1.3 Connection redirection

In addition to connection redirection via fake DNS responses, INetSim allows for IP-based redirection of arbitrary connections (TCP, UDP and ICMP). This feature is only available when running INetSim on Linux platforms with Kernel support for packet queueing (Kernel compile time option CONFIG_NETFILTER_NETLINK_QUEUE).

This feature supports static rules for connection redirection based on target IP address, port and/or protocol. INetSim can also act as a NAT router for redirection of packets to other hosts. Optionally, the TTL value of IP packets sent to the clients from different “virtual” connection targets can be varied to make traffic look more authentic.

Important note: Linux kernel versions 3.5.0 and later no longer include the ip_queue module, so INetSim's redirect feature only works with earlier kernel versions.

Judging from this, my Kali cannot use INetSim's redirect feature, because the kernel version is 5.20 (checked with uname -r / uname -a).

ApateDNS needs .NET Framework 2.0 to run

  • http://support.neurosky.com/kb/applications/error-the-application-failed-to-initialize-properly-0xc0000135-click-on-ok-to-terminate-the-application
  • https://www.microsoft.com/en-us/download/confirmation.aspx?id=1639

Configuring and building the Lab 3 environment

  • https://www.cnblogs.com/hyq20135317/p/5515675.html
  • https://techanarchy.net/blog/installing-and-configuring-inetsim
  • https://findream.github.io/2018/02/10/%E6%90%AD%E5%BB%BAinetsim%E8%99%9A%E6%8B%9F%E5%88%86%E6%9E%90%E7%BD%91%E7%BB%9C/
  • https://www.freebuf.com/articles/system/177601.html

Most complete configuration reference: https://blog.christophetd.fr/malware-analysis-lab-with-virtualbox-inetsim-and-burp/

Attention:

In short, INetSim's service_bind_address has to cover the virtual lab network, so it is changed to 0.0.0.0. In addition, INetSim's SSL support is poor, so Burp is used to handle SSL.

By default, INetSim listens on the local interface only. To make it available to all the machines of our virtual network, replace the following line in the configuration file we just copied:

#service_bind_address   10.0.0.1

By:

service_bind_address    0.0.0.0

Now, we need to disable systemd-resolved, which is a local DNS server shipped by default with Ubuntu and will conflict with INetSim’s DNS server.

$ sudo systemctl disable systemd-resolved.service
$ sudo service systemd-resolved stop

By default, INetSim's DNS server will resolve all the domain names to 127.0.0.1. We want any domain name to resolve to 10.0.0.1 (the analysis machine IP) instead; uncomment the following line:

#dns_default_ip    10.0.0.1

I mentioned earlier that INetSim's SSL support is not optimal since it only has a single certificate for a single hostname (inetsim.org) and doesn't allow generating per-host certificates on the fly. To overcome that, we'll run Burp on port 443 as a transparent proxy in front of INetSim. Therefore, we need to bind INetSim's HTTPS server to a different port, say port 8443. Replace the following line:

#https_bind_port 443

By:

https_bind_port 8443
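The three inetsim.conf edits above (bind address, default DNS answer, HTTPS port) are easy to get half right by hand, for example by editing the value but leaving the line commented out. As an added example, not from the original post or from the INetSim project, the POSIX shell functions below apply the edits to a copy of the configuration and read the values back so the result can be checked. The sample config fragment, the temporary file and the helper names (make_sample_conf, harden_inetsim_conf, conf_value) are constructed for this demonstration; point harden_inetsim_conf at a copy of /etc/inetsim/inetsim.conf before touching the live file.

```shell
#!/bin/sh
# Added example (not from the original post or INetSim): apply the three
# inetsim.conf edits described above and verify them. All names, paths and
# sample content below are constructed for this demonstration.

# Write a constructed fragment of inetsim.conf containing the three default
# lines the walkthrough changes (stock defaults, commented out) plus a few
# unrelated lines that must survive the edit untouched.
make_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample fragment, not a full inetsim.conf
#service_bind_address   10.0.0.1
#dns_default_ip    10.0.0.1
#https_bind_port 443
start_service dns
start_service http
start_service https
EOF
}

# Apply the edits: listen on every interface so the lab VMs can reach
# INetSim, answer every DNS query with the analysis host, and move HTTPS
# off 443 so Burp can sit in front of it.
# Matches the key whether or not it is still commented out, so a previous
# half-done edit is corrected rather than duplicated.
#   $1 = config path, $2 = analysis host IP, $3 = new HTTPS port
harden_inetsim_conf() {
    conf="$1"; lab_ip="$2"; https_port="$3"
    tmp="${conf}.tmp"
    sed \
        -e "s|^#\{0,1\}service_bind_address.*|service_bind_address    0.0.0.0|" \
        -e "s|^#\{0,1\}dns_default_ip.*|dns_default_ip    ${lab_ip}|" \
        -e "s|^#\{0,1\}https_bind_port.*|https_bind_port ${https_port}|" \
        "$conf" > "$tmp" && mv "$tmp" "$conf"
}

# Print the active value of one key; prints nothing if the key is absent
# or still commented out, which makes a missed edit visible.
#   $1 = config path, $2 = key name
conf_value() {
    awk -v key="$2" '$1 == key { print $2 }' "$1"
}

# Stand-alone demo on a constructed temporary file.
demo_conf="$(mktemp)"
make_sample_conf "$demo_conf"
harden_inetsim_conf "$demo_conf" 10.0.0.1 8443
for key in service_bind_address dns_default_ip https_bind_port; do
    printf '%s = %s\n' "$key" "$(conf_value "$demo_conf" "$key")"
done
rm -f "$demo_conf"
```

Binding to 0.0.0.0 means INetSim answers on every interface of the analysis host, so this only stays contained if the host's other interfaces are on an isolated (host-only) network; an empty result from conf_value after the edit means the line is still commented out and the service is falling back to its default.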

INetSim file locations

Here are some key file locations.

  • init.d config file - /etc/default/inetsim
  • Main config - /etc/inetsim/inetsim.conf
  • Data files - /var/lib/inetsim/
  • Main log - /var/log/inetsim/
  • Reports - /var/log/inetsim/reports

(After INetSim is stopped with Ctrl+C, it prints the paths of the log and report files generated during that session.)