Easily Bypassing Little Snitch

unixpickle
Posts: 1
Joined: Fri Nov 26, 2010 12:08 am

Easily Bypassing Little Snitch

Post by unixpickle » Fri Nov 26, 2010 12:23 am

As a developer for the Mac and for Unix systems in general, I was curious to see how secure Little Snitch actually is. It looks to me that Little Snitch is very secure when it comes to code obfuscation, distributed object protection, and of course kernel extension unload prevention. It seems to me though that the one flaw in the Little Snitch "Allow or Deny" system is simple. I can write an AppleScript that allows a connection automatically, if it does not go through. Since I wanted to test if my theory was correct, I wrote a simple Cocoa application for doing just that.

I wrote a small command-line Cocoa application that automatically allows an outgoing internet connection (simply by hitting enter) if a connection takes more than one second to make. I posted the source code for this to my website: http://www.jitsik.com/uploads/BypassTheSnitch.zip. Obviously the fact that AppleScript can do something like this so easily is obvious, and I don't exactly know an easy way that it could be prevented. There should possibly be a setting to disable "enter for allow", or something of that nature. I tried this with "Allow GUI Scripting access to Little Snitch" on and off, and it worked both ways.

I would also like to point out that this is not a major issue, since the attempt is flawed in several ways. First: the user will see a Little Snitch window temporarily before it hits "Accept". Another thing to think about is network speed. If the user is not connected to the internet, then the app might hit enter whether or not Little Snitch is running, causing a beep sound or something that may alert the user. Due to these flaws of this approach, I still trust Little Snitch to keep my computer safe.

geoffb
Posts: 2
Joined: Thu Nov 25, 2010 7:38 pm

Re: Easily Bypassing Little Snitch

Post by geoffb » Sat Nov 27, 2010 2:52 am

It's possibly worth observing that if you uncheck "Confirm with Return and Escape" your tool doesn't work as written.

Of course, it's also worth observing that if you modify your sample to also send the command key at the same time it sends the return key, it works with either setting for this option.

r.giskard
Rank 2
Posts: 66
Joined: Tue Jul 14, 2009 10:44 am

Re: Easily Bypassing Little Snitch

Post by r.giskard » Sat Nov 27, 2010 7:29 pm

Doesn't work for me. Just get the Little Snitch alert. -> Terminal via BypassTheSnitch wants to connect to xxx.aqnichol.com ...
And clicking on Deny denies the connection. I am using the latest version, Little Snitch 2.3.3.
Cheers!

norbert
Objective Development
Posts: 648
Joined: Thu Nov 09, 2006 6:30 pm

Re: Easily Bypassing Little Snitch

Post by norbert » Mon Dec 06, 2010 2:39 pm

unixpickle wrote: I wrote a small command-line cocoa application that automatically allows an outgoing internet connect (simply by hitting enter) if a connection takes more than one second to make ... I tried this with "Allow GUI Scripting access to Little Snitch" on and off, and it worked both ways.


This issue has already been addressed in Little Snitch 2.3.3.
