MAC address whitelisting sounds like a great way to prevent unauthorized access to your wireless network, but it does not work as well as you might think. The purpose of this guide is to demonstrate exactly how easy it is to spoof a whitelisted MAC address and gain access to a restricted network. In the steps below, you will see how to spoof a MAC address to gain access to MAC whitelisted network on Kali Linux.
In this tutorial you will learn:
- How to find a whitelisted MAC address
- How to spoof a whitelisted MAC address
|Requirements, Conventions or Software Version Used
|aircrack-ng, ip, macchanger
|Privileged access to your Linux system as root or via the
Wireless adapter and a router that you can set up with a MAC whitelist to test
# – requires given linux commands to be executed with root privileges either directly as a root user or by use of
$ – requires given linux commands to be executed as a regular non-privileged user
Gain access to a MAC whitelist WiFi network step by step instructions
It is recommended that you use Kali Linux when running through the steps below, but you can technically install the required programs on any distribution and use it to gain access to your Wifi network.
This guide is purely for educational purposes. DO NOT attempt this on a network that you do not own.
Install Aircrack-ng and Macchanger
If you’re using Kali, don’t worry about this part. You already have what you need. If you’re on a different distribution, you need to install
aircrack-ngand, if you’d prefer it to
macchanger. Chances are, they’re both readily available in your distro’s repos, so install them.
$ sudo apt install aircrack-ng macchanger
Find A Valid MAC Address
Before you spoof a MAC address, you need one to duplicate. Assuming that only whitelisted addresses can access the network, you need to find the MAC address of a connected device. The best way to do this is by listening to traffic with Aircrack. Run
ip ato find the interface of your wireless interface. When you have it, use Aircrack to create a new virtual monitoring interface.
$ sudo airmon-ng start wlan0
- Take a look at the message in the terminal. It contains the name of the virtual interface. It’s usually
$ sudo airodump-ng mon0
You’ll see a table of date about the wireless networks in your area. Find the one that you’re trying to connect to, and note the BSSID and channel. When you have them, cancel that command.
airodump-ng, specifying the BSSID and channel. This will narrow your results and make the clients easier to pick out.
$ sudo airodump-ng -c 1 --bssid XX:XX:XX:XX:XX:XX mon0
At the bottom of these new results, you’ll see a second table. That table contains information about client connections. To the right, you’ll see the MAC address of the network followed by the MAC of client. Pick one, and notate it. That’s what you’ll be spoofing.
Spoof The MAC
If you haven’t, you can close out of Aircrack now. Your new MAC address can be set with a simple command.
$ sudo ip link set dev wlan0 down $ sudo ip link set dev wlan0 address XX:XX:XX:XX:XX:XX $ sudo ip link set dev wlan0 up
$ sudo macchanger -m XX:XX:XX:XX:XX:XX
Obviously, plug in the MAC of the connected client.
Connect to Network
You can now connect to your network like you normally would. Open up your favorite GUI network management tool or use the command line. The network doesn’t care about your computer, other than that MAC address. It’ll even assign it a separate IP with DHCP.
In this tutorial, we saw how to gain access to a MAC whitelist Wifi network on a Kali Linux system (or any distro that has the proper tools installed). It really is that painfully easy to spoof a MAC address and gain access to a restricted network. Again, this is purely to illustrate that restricting MAC addresses on your home network will not prevent attackers from connecting.