Spoof a MAC address to gain access to MAC whitelisted network.
It’s recommended that you use Kali Linux, but you can install the required programs on any distribution.
A working Linux install with root privileges and a wireless adapter. You should also have a router that you can set up with a MAC whitelist to test.
- # – requires given linux commands to be executed with root privileges either directly as a root user or by use of
- $ – requires given linux commands to be executed as a regular non-privileged user
MAC address whitelisting sounds like a great way to prevent unauthorized access to your wireless network, but it doesn’t work. The purpose of this guide is to demonstrate exactly how easy it is to spoof a whitelisted MAC address and gain access to a restricted network.
This guide is purely for educational purposes. DO NOT attempt this on a network that you do not own.
Install Aircrack-ng and Macchanger
If you’re using Kali, don’t worry about this part. You already have what you need. If you’re on a different distribution, you need to install
aircrack-ng and, if you’d prefer it to
macchanger. Chances are, they’re both readily available in your distro’s repos, so install them.
$ sudo apt install aircrack-ng macchanger
Find A Valid MAC Address
Before you spoof a MAC address, you need one to duplicate. Assuming that only whitelisted addresses can access the network, you need to find the MAC address of a connected device. The best way to do this is by listening to traffic with Aircrack.
ip a to find the interface of your wireless interface. When you have it, use Aircrack to create a new virtual monitoring interface.
$ sudo airmon-ng start wlan0
Take a look at the message in the terminal. It contains the name of the virtual interface. It’s usually
$ sudo airodump-ng mon0
You’ll see a table of date about the wireless networks in your area. Find the one that you’re trying to connect to, and note the BSSID and channel. When you have them, cancel that command.
airodump-ng, specifying the BSSID and channel. This will narrow your results and make the clients easier to pick out.
$ sudo airodump-ng -c 1 --bssid XX:XX:XX:XX:XX:XX mon0
At the bottom of these new results, you’ll see a second table. That table contains information about client connections. To the right, you’ll see the MAC address of the network followed by the MAC of client. Pick one, and notate it. That’s what you’ll be spoofing.
Spoof The MAC
If you haven’t, you can close out of Aircrack now. Your new MAC address can be set with a simple command.
$ sudo ip link set dev wlan0 down $ sudo ip link set dev wlan0 address XX:XX:XX:XX:XX:XX $ sudo ip link set dev wlan0 up
$ sudo macchanger -m XX:XX:XX:XX:XX:XX
Obviously, plug in the MAC of the connected client.
You can now connect to your network like you normally would. Open up your favorite GUI network management tool use the CLI. The network doesn’t care about your computer, other than that MAC address. It’ll even assign it a separate IP with DHCP.
It really is that painfully easy to spoof a MAC address and gain access to a restricted network. Again, this is purely to illustrate that restricting MAC addresses on your home network will not prevent attackers from connecting.