Brute-forcing a macOS user’s real name from a browser using mDNS

In this article, the author explores a privacy vulnerability in Apple devices, specifically macOS. They demonstrate a technique that can be used to reveal a user’s first name without permission using the mDNS protocol. The technique involves brute-forcing a list of the 50 most popular gender-specific names from a specific country of origin. The article explains how the mDNS protocol works and how it is used on Apple devices. It then describes how hostnames can be resolved from a browser using a timing workaround. The author also explains how the macOS local hostname can be used to brute-force a user’s name. The article concludes by discussing the limitations and impracticality of the attack. The author mentions that this vulnerability is not specific to Apple devices and can be utilized in various ways.

To top