tonywebster | 10 years ago

The author used `tcpdump -i lo0 -s 65535 -w info.pcap` which, as a non-root user without sudo, successfully captures loopback traffic in OS X 10.11.3.

I just tried it, and with Chrome and 1Password, I was able to see my auto-filled bank password in the pcap. So, I presume any process on my system, without root privileges, would be able to sniff loopback.

I don't see why 1Password wouldn't use TLS here. This is not good.

tptacek|10 years ago

Your system is misconfigured.

    > $ tcpdump -i lo0 -s 65535 -w info.pcap
    tcpdump: lo0: You don't have permission to capture on that device
    ((cannot open BPF device) /dev/bpf0: Permission denied)

eclipxe|10 years ago

I'm on OS X 10.11.3:

    tcpdump -i lo0 -s 65535 -w info.pcap
    tcpdump: lo0: You don't have permission to capture on that device
    ((cannot open BPF device) /dev/bpf0: Permission denied)

tonywebster|10 years ago

This is a fresh OS X install on a test machine :/

msbarnett|10 years ago

    $ tcpdump -i lo0 -s 65535 -w info.pcap 
    tcpdump: lo0: You don't have permission to capture on that device
    ((cannot open BPF device) /dev/bpf0: Permission denied)

Looks like you're logged in on a superuser account or have otherwise somehow disabled some security settings.

yborg|10 years ago

I also can't access loopback on 10.11.3, I get this exact error. And I'm running as an Administrator account.
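
Added example, not part of any comment in this thread: the disagreement above comes down to who can open the `/dev/bpf*` device nodes, so this check reads `ls -l /dev/bpf*` output and reports any node that is readable by anyone other than root. The function name `bpf_exposure` and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Audit the BPF device nodes that tcpdump opens for capture.
# Input:  `ls -l /dev/bpf*` style lines on stdin.
# Output: one line per node that a non-root account could open for reading.

bpf_exposure() {
    awk '
    # Only character-device lines whose last field is a /dev/bpf node.
    $1 ~ /^c/ && $NF ~ /^\/dev\/bpf[0-9]*$/ {
        mode = $1; owner = $3; group = $4; why = ""
        if (owner != "root")           why = why " owner=" owner
        if (substr(mode, 5, 1) == "r") why = why " group-readable(" group ")"
        if (substr(mode, 8, 1) == "r") why = why " world-readable"
        if (why != "") print $NF ":" why
    }'
}

# Constructed listing: root-only nodes, consistent with the
# "Permission denied" errors quoted in the thread.
SAMPLE_LOCKED='crw-------  1 root  wheel   23,   0 Mar  2 09:14 /dev/bpf0
crw-------  1 root  wheel   23,   1 Mar  2 09:14 /dev/bpf1'

# Constructed listing: permissions relaxed so unprivileged capture works.
SAMPLE_RELAXED='crw-rw----  1 root  staff   23,   0 Mar  2 09:14 /dev/bpf0
crw-rw-rw-  1 root  wheel   23,   1 Mar  2 09:14 /dev/bpf1'

echo "locked-down sample:"
printf '%s\n' "$SAMPLE_LOCKED" | bpf_exposure
echo "relaxed sample:"
printf '%s\n' "$SAMPLE_RELAXED" | bpf_exposure

# Live check on the current machine; prints nothing if no node is exposed
# or if the system has no /dev/bpf* nodes.
echo "this machine:"
ls -l /dev/bpf* 2>/dev/null | bpf_exposure
```

An empty result for "this machine" matches the permission-denied behaviour several commenters report; any listed node means a non-root process in that group (or any process, if world-readable) can capture traffic, loopback included.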