←back to thread

Apple's apps bypass firewalls like LittleSnitch and LuLu on macOS Big Sur

(twitter.com)
1183 points robenkleene | 2 comments | 20 Oct 20 15:51 UTC | HN request time: 0.442s | source
Show context
metroholografix ◴[20 Oct 20 16:23 UTC] No.24839240[source]
Background: I've written my own kernel extension that works in similar manner to Little Snitch, but does a lot more, including SSL MITM and on-demand packet capture, that I've been using for more than 10 years now.

It's a fact that Apple has continuously moved to lock down macOS in ways that are antithetical to folks that want full control over their operating system. To many of us that moved on from Linux on the desktop, the combination of a stable/uniform/attractive desktop environment with a Unix core that had great developer documentation -no longer the case!- and nicely-designed APIs was too much to resist. Unfortunately, the push towards consumers and Apple's increasingly one-sided my-way-or-the-highway approach (fueled by security concerns that to me are completely irrelevant, if not a huge annoyance and waste of time) means that a lot of us oldschool Unix hackers were left out in the cold.

I don't plan to upgrade past Mojave and at some point in the future I will move back to Linux.

replies(9): >>24839367 #>>24839592 #>>24839989 #>>24840003 #>>24840032 #>>24840486 #>>24840753 #>>24845499 #>>24847280 #
1. Wowfunhappy ◴[20 Oct 20 18:28 UTC] No.24840753[source]
> I've written my own kernel extension that works in similar manner to Little Snitch, but does a lot more, including SSL MITM and on-demand packet capture, that I've been using for more than 10 years now.

I'd be interested to read more about this, and maybe even use your kext. I'm currently MITM'ing all of my SSL traffic[1] for a different, esoteric reason: I insist on using a 7-year-old version of macOS, and it doesn't natively support modern SSL ciphers, so I have to add it in with an mitm proxy.

I've run into a handful of issues with various software that I've had to work through as they arise, but if you've been doing this for ten years you've probably seen it all already.

1: https://forums.macrumors.com/threads/fixing-maverickss-outda...

replies(1): >>24842023 #
2. dhaavi ◴[20 Oct 20 20:26 UTC] No.24842023[source]
> I'd be interested to read more about this

Yeah, me too!