

How does Starbucks know how to grab my MAC address? - larrywallace

To all hackers out there, how in the world can a website grab your MAC address from the browser? http://oi61.tinypic.com/s263ib.jpg. I've heard responses from "it is not possible" to "they use flash". But this happens every time I go to Starbucks and I am pretty sure Flash is not used.

I'm posting on HN to get the lowdown from anyone who ACTUALLY has first-hand know-how on how this is accomplished.
======
dalke
That web site for me says "Looks like you might be outside a Starbucks store /
Our local store web site is only available when you’re connected to Wi-Fi at
most U.S. Starbucks stores."

If you are on their network then they can see your MAC address. That's how
Ethernet works.

See
[http://en.wikipedia.org/wiki/MAC_address#Spying](http://en.wikipedia.org/wiki/MAC_address#Spying)
for an example of how Apple has changed iOS so it uses a random MAC address.
See also
[http://security.stackexchange.com/questions/6868/randomizing...](http://security.stackexchange.com/questions/6868/randomizing-mac-addresses-on-bootup).

~~~
larrywallace
Yes, I am connected to the store's wifi. Once I am on their network, how do
they actually grab it? What header names do they inspect, etc. I'd like
to actually know the implementation details and code sample. I looked
everywhere on Stack Overflow and can't find anyone who has done this.

~~~
Rondom
Since you are connected to their network they know your MAC.

What they will likely do is take your IP and look to which MAC their DHCP-
Server has assigned that IP to. There are other possibilities though, but they
are more complicated (using ARP-cache or requests, doing a raw packet dump at
the webserver).

If you want to learn more, I think you could read a bit about the different
layers first, and then read about how ethernet, IP/ARP and DHCP work. There
are likely no "headers" (I assume you mean HTTP-headers) they inspect.

------
greenyoda
How do you know they're getting it from your browser? They could have just
stored your MAC address somewhere when you connected to their wireless router.
For example, they might have a custom DHCP server that stores your MAC address
along with the IP address it assigns to you in some database that's accessible
to the web server. The web server can then look up your IP address in the
database and obtain your MAC address.
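
The lookup described in this comment and in Rondom's reply (DHCP lease table first, ARP cache as fallback), as an added example that is not part of the original thread or any Starbucks code. It assumes a dnsmasq-style lease file and Linux `/proc/net/arp` text; the sample data and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data: documentation IPs and locally administered MACs.
SAMPLE_LEASES = """\
1893456000 02:00:5e:10:00:01 192.0.2.23 laptop 01:02:00:5e:10:00:01
1000000000 02:00:5e:10:00:02 192.0.2.24 oldphone *
"""
SAMPLE_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
192.0.2.24       0x1         0x2         02:00:5e:10:00:03     *        wlan0
192.0.2.25       0x1         0x0         00:00:00:00:00:00     *        wlan0
"""

def parse_leases(text, now):
    """IP -> MAC for unexpired leases (fields: expiry mac ip hostname client-id)."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        expiry = int(fields[0])
        if expiry and expiry < now:   # assumption: expiry 0 means "never expires"
            continue
        table[fields[2]] = fields[1].lower()
    return table

def parse_arp(text):
    """IP -> MAC for complete entries (flag bit 0x2) in /proc/net/arp-style text."""
    table = {}
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) >= 4 and int(fields[2], 16) & 0x2:
            table[fields[0]] = fields[3].lower()
    return table

def mac_for_peer(peer_ip, leases, arp):
    """Return (mac, source) for the TCP peer address, or None if unknown.
    peer_ip must be the socket's remote address: no HTTP header carries the
    MAC, and a client-supplied header could name any IP."""
    try:
        ip = str(ipaddress.ip_address(peer_ip))
    except ValueError:
        return None
    for source, table in (("dhcp", leases), ("arp", arp)):
        if ip in table:
            return table[ip], source
    return None
```

The result only exists on the gateway's own layer-2 segment, and since clients may present a random MAC (see dalke's link above), it identifies a session on this network rather than a device.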

------
0x0
The wifi router knows your mac and probably intercepts an HTTP request (like a
"captive portal"), which probably redirects you to that URL while including
the MAC address.

~~~
larrywallace
Yes, I am connected to the store's wifi. Can you point me to some code that
actually can grab the mac address? As the title suggests -- I want to know how
they do it.

~~~
dalke
[http://en.wikipedia.org/wiki/Captive_portal](http://en.wikipedia.org/wiki/Captive_portal)
lists three ways to achieve it. The details will depend on how Starbucks
decided to do it.

What you're asking is, in essence, "how does ethernet work?" That cannot be
explained in a few paragraphs. You can start with Richard Stevens' "TCP/IP
Illustrated, Vol. 1", as one of many available descriptions. You can use
Wireshark to track all of the details.

At this point you should stop asking questions here. There's likely no simple
answer, and this is a great chance to experiment and figure it out for
yourself.

(Even if someone knows the exact details of how Starbucks does it, you are
unlikely to understand the explanation without understanding some of the
fundamentals.)

~~~
larrywallace
ok, I think I got it. Fundamentals I know enough to be dangerous, thanks for
the pointers to captive portal. I'll be able to run with this now... I upvoted
you and 0x0

