
TrumanBox - Internet Emulation


Back in 2007 I started my thesis by working on some sort of gateway meant to provide responses to malware that attempts to interact with the Internet. This way I came up with the idea of refining a bridge by adding some redirection plus a very flexible server service. The resulting implementation and configuration is called TrumanBox.
Within this work, different problems such as transparent redirection, flexible protocol identification, and spoofing attempts are combined in order to trick malware by providing responses similar to those the Internet would give. As a network bridge, the whole system can be flexibly integrated almost arbitrarily within an existing computer network infrastructure.
Once placed, it can operate in 4 different modes: full emulation, half emulation, proxy, and transparent. Each of the operation modes meets different security policies. Therefore the system is particularly useful to those who want to run malware samples for the purpose of behavior-based analysis and cannot connect their analysis platform straight to the Internet due to legal issues.
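One way a gateway can identify the protocol of a redirected connection from its first payload rather than from its destination port, as an added example that is not TrumanBox's own code. The signatures, the port table, and the names `identify_protocol` and `classify` are assumptions made for illustration.

```python
import re

# Client-speaks-first signatures, matched against the first payload bytes.
# Constructed for illustration; not TrumanBox's rule set.
_HTTP = re.compile(rb"(GET|POST|HEAD|PUT|DELETE|OPTIONS|CONNECT) \S+ HTTP/1\.[01]\r?\n")
_IRC = re.compile(rb"(NICK|USER|PASS|CAP) [^\r\n]+\r?\n", re.I)

# Server-speaks-first protocols: the client stays silent until it sees a
# banner, so the destination port is the only hint left (assumed table).
_SERVER_FIRST_PORTS = {21: "ftp", 25: "smtp", 110: "pop3"}


def identify_protocol(first_payload: bytes, dst_port: int) -> str:
    """Label a redirected connection.

    first_payload is what the client sent before a short timeout expired
    (empty if it sent nothing). The port is consulted only when the client
    was silent, so HTTP spoken on port 6667 is still labelled "http".
    """
    if first_payload:
        if _HTTP.match(first_payload):
            return "http"
        if _IRC.match(first_payload):
            return "irc"
        # TLS record header: content type 0x16 (handshake), major version 3.
        if len(first_payload) >= 3 and first_payload[:2] == b"\x16\x03":
            return "tls"
        return "unknown"
    return _SERVER_FIRST_PORTS.get(dst_port, "unknown")


def classify(connections):
    """Map (payload, port) pairs to protocol labels."""
    return [identify_protocol(payload, port) for payload, port in connections]


# Constructed sample connections: (first client payload, destination port).
SAMPLES = [
    (b"GET /update.bin HTTP/1.1\r\nHost: example.invalid\r\n\r\n", 6667),
    (b"NICK sample01\r\nUSER a b c :d\r\n", 80),
    (b"\x16\x03\x01\x00\x05hello", 8080),
    (b"", 25),    # silent client, well-known server-first port
    (b"", 4444),  # silent client, no port hint
]

if __name__ == "__main__":
    for (payload, port), label in zip(SAMPLES, classify(SAMPLES)):
        print(f"port {port:>5}  {label:<8} {payload[:24]!r}")
```

A silent client on an unlisted port comes back as "unknown"; distinguishing such connections requires sending a banner and observing the reply, which this example does not attempt.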

Download

A newer version is available at sourceforge.net as a Subversion checkout. Here you may only find the version I have submitted as a result of my thesis work.

Source package (incl. thesis): TrumanBox-0.1.03.tar.gz

Corresponding thesis: TrumanBox-Thesis.pdf

The TrumanBox is rather meant for advanced users. I do not take any responsibility, but you are free to use it at your own risk.
Feedback is very welcome, so do not hesitate to drop me a line addressing the user "trumanbox", who has a mailbox at this domain you are visiting right now...

trumanbox (at) s6y (dot) org
