An AppleScript to help manage LittleSnitch via ssh

Sep 30, '05 07:55:00AM

Contributed by: xSmurf

For those who don't know, LittleSnitch is a great application that lets you block outgoing network connections. It's very useful to stop apps (such as trojan horses) from "calling home." The problem is I often log into home via ssh, and want to use stuff like curl, for which I do not want to define a specific rule and would rather have LittleSnitch ask me every time.

Say I want to install something remotely using Fink; I can't, because there's no way to tell LittleSnitch to let curl connect to the mirror. So I came up with a little AppleScript UI script to fix this...

Here's the code:

tell application "System Events"
  tell process "KUC"
    tell window "Little Snitch"
      -- The few lines below are not mandatory
      -- It allows to set  "Allow Any network connection" (default is "Allow Same port")
      click pop up button of group 1
      delay 1
      keystroke "a"
      keystroke return
      -- End of the non mandatory section
      click button "Allow Until Quit"
    end tell
  end tell
end tell
Save the script, and then you can use something like this to allow the exception:
$ curl apple.com | osascript ~/Documents/Allow_Snitch.scpt
This method won't work for everything, though. Like with Fink, which triggers curl only a bit after you run the command, in which case you will need to have two ssh connections opened and guesstimate the appropriate time at which to run the script. It's definitely not a CLI tool for LittleSnitch, but it will do the job most of the time.

Note that I am nowhere near an AppleScript expert. I also believe this could be made better by triggering the AppleScript from a shell script, thus allowing for a few more options. Last but not least, a bit of warning about this: OBDev (the makers of Little Snitch) don't want to make a CLI tool for it, as it could be a security risk. This is probably true and also applies to this script, but that's fine by me.

Comments (11)


Mac OS X Hints
http://hints.macworld.com/article.php?story=2005092816511024