1. 4
    jcs avatar jcs 1 year ago | link | on: Bypass alerts for Little Snitch and Little Flocker on OS X

    This is why Firefox disables the Allow button for a few seconds when installing an add-on.

    1. 1
      pwnsdx avatar pwnsdx 1 year ago | link

      But I can still click on it. And it would be pain for users to have to wait between each rule validation. I rather use what Apple did: https://twitter.com/pwnsdx/status/812653042898243584 but it looks like there is absolutely no documentation about how they did. If anyone know how they did it, feel free to PM

      1. 2
        jcs avatar jcs 1 year ago | link

        I would imagine there’s some way to tell whether an NSEvent or CGEvent is synthetic, similar to how X11’s XEvent struct has a send_event flag that applications like xterm can check for and block (when allowSendEvents is off).

        Seems kind of strange that EnableSecureEventInput doesn’t do anything regarding mouse input.

        1. 1
          pwnsdx avatar pwnsdx 1 year ago | link

          Found:

          https://twitter.com/JZdziarski/status/813052980127821827 https://twitter.com/JZdziarski/status/813391275059777537

          He didn’t disclosed how exactly he did simulated mouse events capture but it should be the same as for keyboard.

    1. 2
      bigdubs avatar bigdubs 1 year ago | link | on: Bypass alerts for Little Snitch and Little Flocker on OS X

      I would assume it would be trivial for the little snitch devs to defeat this by randomizing whatever ID(s) this is looking for.

      1. 1
        pwnsdx avatar pwnsdx 1 year ago | link

        Nah, it’s much harder than that to mitigate the issue.