To give a guest only one network card with host-only networking, yet still let it access the Internet, we can let it connect to an HTTP proxy running on the host. If this proxy is polipo, we can configure it to connect to tor’s SOCKS server as its upstream:
Then what happens? Any and all Internet traffic from the guest VM is delivered via Tor. Since the guest doesn't have Internet access of its own, any software which doesn't cooperate with the proxy cannot communicate. Although malware on a compromised guest could still exfiltrate data, it hides the host's true external IP address from the malware. (Assuming, dangerously, no security bugs in polipo nor VirtualBox that would allow a compromise of the host.)
I said that first, but maybe not very clearly, on twitter.
But… given an appropriate proxy, traffic can be forwarded over any transport. A proxy could accept data from the guest and transmit it via VPN. On the other hand, building a VPN client into VirtualBox to offer a VPN network type would let a client connect to a VPN without necessarily allowing other host processes access to it, nor requiring the VPN to be mediated by an additional (dual-homed) guest.
Polipo doesn't have to use tor as a backend, either; it's also perfectly capable of forwarding using ssh's SOCKS proxy. (This is known as "dynamic tunnel mode" in some clients.) Compared to the amount of software and configuration needed to set up the average VPN, ssh is just as secure and much easier to get running.
Sending traffic via proxy is an effective way to apply further modifications to the destination stream, without needing the cooperation of software connecting to the proxy.
No comments:
Post a Comment