ObjectiveSpoof a MAC address to gain access to MAC whitelisted network.
DistributionsIt's recommended that you use Kali Linux, but you can install the required programs on any distribution.
RequirementsA working Linux install with root privileges and a wireless adapter. You should also have a router that you can set up with a MAC whitelist to test.
- # - requires given linux commands to be executed with root privileges either directly as a root user or by use of
- $ - requires given linux commands to be executed as a regular non-privileged user
IntroductionMAC address whitelisting sounds like a great way to prevent unauthorized access to your wireless network, but it doesn't work. The purpose of this guide is to demonstrate exactly how easy it is to spoof a whitelisted MAC address and gain access to a restricted network.
This guide is purely for educational purposes. DO NOT attempt this on a network that you do not own.
Install Aircrack-ng and MacchangerIf you're using Kali, don't worry about this part. You already have what you need. If you're on a different distribution, you need to install
aircrack-ngand, if you'd prefer it to
macchanger. Chances are, they're both readily available in your distro's repos, so install them.
$ sudo apt install aircrack-ng macchanger
Find A Valid MAC AddressBefore you spoof a MAC address, you need one to duplicate. Assuming that only whitelisted addresses can access the network, you need to find the MAC address of a connected device. The best way to do this is by listening to traffic with Aircrack.
ip ato find the interface of your wireless interface. When you have it, use Aircrack to create a new virtual monitoring interface.
$ sudo airmon-ng start wlan0Take a look at the message in the terminal. It contains the name of the virtual interface. It's usually
$ sudo airodump-ng mon0. You'll see a table of date about the wireless networks in your area. Find the one that you're trying to connect to, and note the BSSID and channel. When you have them, cancel that command.
airodump-ng, specifying the BSSID and channel. This will narrow your results and make the clients easier to pick out.
$ sudo airodump-ng -c 1 --bssid XX:XX:XX:XX:XX:XX mon0At the bottom of these new results, you'll see a second table. That table contains information about client connections. To the right, you'll see the MAC address of the network followed by the MAC of client. Pick one, and notate it. That's what you'll be spoofing.
Spoof The MACIf you haven't, you can close out of Aircrack now. Your new MAC address can be set with a simple command.
$ sudo ip link set dev wlan0 down $ sudo ip link set dev wlan0 address XX:XX:XX:XX:XX:XX $ sudo ip link set dev wlan0 upOr
$ sudo macchanger -m XX:XX:XX:XX:XX:XXObviously, plug in the MAC of the connected client.