As a developer for the Mac and for Unix systems in general, I was curious to see how secure Little Snitch actually is. It looks to me that Little Snitch is very secure when it comes to code obfuscation, distributed object protection, and of course kernel extension unload prevention. It seems to me though that the one flaw in the Little Snitch "Allow or Deny" system is simple. I can write an AppleScript that allows a connection automatically, if it does not go through. Since I wanted to test if my theory was correct, I wrote a simple Cocoa application for doing just that.
I wrote a small command-line Cocoa application that automatically allows an outgoing internet connection (simply by hitting enter) if a connection takes more than one second to make. I posted the source code for this to my website: http://www.jitsik.com/uploads/BypassTheSnitch.zip. Obviously the fact that AppleScript can do something like this so easily is obvious, and I don't exactly know an easy way that it could be prevented. There should possibly be a setting to disable "enter for allow", or something of that nature. I tried this with "Allow GUI Scripting access to Little Snitch" on and off, and it worked both ways.
I would also like to point out that this is not a major issue, since the attempt is flawed in several ways. First: the user will see a Little Snitch window temporarily before it hits "Accept". Another thing to think about is network speed. If the user is not connected to the internet, then the app might hit enter whether or not Little Snitch is running, causing a beep sound or something that may alert the user. Due to these flaws of this approach, I still trust Little Snitch to keep my computer safe.
Easily Bypassing Little Snitch
Re: Easily Bypassing Little Snitch
It's possibly worth observing that if you uncheck "Confirm with Return and Escape" your tool doesn't work as written.

Of course, it's also worth observing that if you modify your sample to also send the command key at the same time it sends the return key, it works with either setting for this option.

Re: Easily Bypassing Little Snitch
Doesn't work for me. Just get the Little Snitch alert. -> Terminal via BypassTheSnitch wants to connect to xxx.aqnichol.com ...
And clicking on Deny denies the connection. I am using the latest version, Little Snitch 2.3.3.
Cheers!
Re: Easily Bypassing Little Snitch
unixpickle wrote: I wrote a small command-line Cocoa application that automatically allows an outgoing internet connection (simply by hitting enter) if a connection takes more than one second to make ... I tried this with "Allow GUI Scripting access to Little Snitch" on and off, and it worked both ways.
This issue has already been addressed in Little Snitch 2.3.3.