I have an app (Google's Android Emulator running via QEMU) running on Ubuntu inside a docker instance. I want to:
- Capture all network traffic (packets) coming from a VM running inside QEMU.
- Prevent traffic from that VM from reaching the internet while leaving the rest of the instance connected
- Spoof responses to requests made from that VM to other servers, pretending that I am those servers
- Do all of this in an automated headless way (no user input, just scripts)
When researching this, I discovered https://github.com/mandiant/flare-fakenet-ng, which is exactly what I need. The issue is that it doesn't seem to work in my setup (whenever Fakenet's network driver loads, it disables all network traffic regardless of any configs and I lose control of the docker instance). I asked a question about it here (Enabling a diverter in fakenet-ng on Ubuntu Linux disables all network traffic), but received no answers.
Since I haven't managed to fix this problem so far, I'm looking for a different way to achieve this. What tools and methods should I use? What are their upsides and downsides?