
SpoofMAC - Spoof your MAC address in Mac OS X - nh
http://feross.org/spoofmac/
======
feross
Original author here. Thanks, nh, for sharing this.

To those wondering why you would use SpoofMAC when you can just do
`sudo ifconfig en1 ether 00:11:22:33:44:55`, let me explain why I wrote this.

The main advantage of SpoofMAC is that it automatically disassociates from any
connected Wi-Fi networks before it changes your MAC address. This ensures the
MAC change will be applied correctly. The biggest annoyance with doing it
manually is figuring out how to dissociate manually, which usually requires
trying to connect to a non-existent network.

After I put the code on GitHub, a few random contributors submitted patches
for features like random MAC generation, etc. <3 open source.

Glad that so many are finding this useful.

~~~
zaius
You can disassociate from any network with the well hidden airport command:

    /System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport --disassociate

EDIT: and looking at the source, that's exactly how you're doing it.

------
pla3rhat3r
There was a great article in 2600 Mag about scanning a network for devices
that were already connected to a pay-to-play WiFi network. You could then
change your mac address to a mac address already connected. You would then
share the connection and bypass having to pay for WiFi. It was really handy at
airports and coffee shops that would charge to get online.

~~~
yial
That was Volume 28, number four. Winter 2011-2012, Page 10, I believe titled
"Mac Spoofing your way to free internet".

~~~
sb
[http://servv89pn0aj.sn.sourcedns.com/~gbpprorg/2600/2600_28-...](http://servv89pn0aj.sn.sourcedns.com/~gbpprorg/2600/2600_28-4_Page_06.txt)

------
leoh
Cool script--it has some useful features like generating a random MAC. But
it's also possible to set your mac with:

    sudo ifconfig [device] [mac]

...and one can replace [mac] with
`openssl rand -hex 6 | sed 's/\(..\)/\1:/g; s/.$//'` for a random address.

~~~
nikcub
should redirect the error/warning output so that it isn't mashed into the
command:

    openssl rand -hex 6 2>/dev/null | sed 's/\(..\)/\1:/g; s/.$//'

because if you are running this on startup there is a chance HOME or RANDFILE
aren't set yet, the .rnd file doesn't exist or the permissions on it are not
set properly - resulting in a warning such as "PRNG not seeded" or "unable to
write 'random state'" that would be passed into the ifconfig command.

~~~
decklin
Command substitution does not capture standard error.

~~~
nikcub
You're right, it is from my own script, where I do it differently with more
sanity checks and my own errors; I just applied it to the line above.

I'm also in that habit for anything fired at startup or in cron so you don't
pollute logs.
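
Six raw random bytes, as in the `openssl rand -hex 6` one-liner above, will have the multicast bit set about half the time, which is not a valid station address. The following is an added example, not part of the thread and not SpoofMAC's own code; the function names are assumptions. It validates a MAC string and turns 12 random hex digits into a unicast, locally administered address.

```python
import re
import secrets

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")


def parse_mac(text):
    """Return the six octets of a colon-separated MAC, or raise ValueError."""
    text = text.strip().lower()
    if not MAC_RE.match(text):
        raise ValueError(f"not a 6-octet MAC address: {text!r}")
    return bytes(int(part, 16) for part in text.split(":"))


def is_multicast(octets):
    # I/G bit: least significant bit of the first octet.
    return bool(octets[0] & 0x01)


def is_locally_administered(octets):
    # U/L bit: second least significant bit of the first octet.
    return bool(octets[0] & 0x02)


def mac_from_hex(hex12):
    """Turn 12 random hex digits into a unicast, locally administered MAC."""
    raw = bytearray.fromhex(hex12)
    if len(raw) != 6:
        raise ValueError("expected exactly 12 hex digits")
    raw[0] = (raw[0] & 0xFE) | 0x02  # clear multicast bit, set local bit
    return ":".join(f"{b:02x}" for b in raw)


def random_mac():
    # secrets draws from the OS CSPRNG, so no seed file is involved.
    return mac_from_hex(secrets.token_hex(6))


if __name__ == "__main__":
    print(random_mac())
```
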

------
rdl
What I really want is a tool which lets me masquerade (to nmap, etc.) as
whatever kind of machine I want. Pick MAC addresses out of the correct range,
but also change how the network stack, etc. respond to various passive and
active attempts at fingerprinting.

It's eventually going to throw up alarms if your macbook pro osx 10.8.2 with
a valid apple or intel MAC is on a network segment, then drops off, then a
machine reappears with a DECstation MAC address.

~~~
derleth
> but also change how the network stack, etc. respond to various passive and
> active attempts at fingerprinting.

I can't see how you could do this without swapping out part of the OS, which
is where the network stack lives these days. A simpler way might be to swap
out the whole OS, by using virtual machines that communicate on an internal
virtual LAN: The Windows XP virtual machine sends the packets under control of
the Linux virtual machine that's hosting the analysis software.

> It's eventually going to throw up alarms if your macbook pro osx 10.8.2 with
> a valid apple or intel MAC is on a network segment, then drops off, then a
> machine reappears with a DECstation MAC address.

It's an eternal game of cat and mouse anyway; if it isn't detailed MAC address
analysis, it's subtle timing quirks, or hooking AM radio receivers to
computers listening for the sounds of CPUs grinding through AES, or something
else.
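
The monitoring side of the scenario discussed above (a host drops off a segment and a different vendor prefix reappears) can be sketched as follows. This is an added example, not part of the thread; the sightings, port names and alert labels are constructed assumptions.

```python
from collections import defaultdict

# Constructed sightings (time, switch port, source MAC); not real data.
SIGHTINGS = [
    ("09:00", "gi0/1", "a4:5e:60:10:20:30"),
    ("09:00", "gi0/2", "3c:07:54:aa:bb:cc"),
    ("09:40", "gi0/1", "08:00:2b:10:20:30"),  # same port, different OUI
    ("09:45", "gi0/3", "3c:07:54:aa:bb:cc"),  # MAC already seen on gi0/2
    ("09:50", "gi0/4", "06:12:34:56:78:9a"),  # locally administered bit set
]


def oui(mac):
    """First three octets: the vendor-assigned prefix."""
    return mac[:8]


def analyze(sightings):
    """Return (time, reason, port, mac) alerts for suspicious MAC behaviour."""
    alerts = []
    last_mac_on_port = {}
    ports_for_mac = defaultdict(set)
    for when, port, mac in sightings:
        mac = mac.lower()
        # Address not taken from a vendor block. Modern OS privacy
        # randomization also sets this bit, so treat it as informational.
        if int(mac[:2], 16) & 0x02:
            alerts.append((when, "locally-administered", port, mac))
        # The device behind a port changed to another vendor prefix.
        prev = last_mac_on_port.get(port)
        if prev and prev != mac and oui(prev) != oui(mac):
            alerts.append((when, "oui-changed", port, mac))
        # One MAC on several ports: roaming host or a cloned address.
        ports_for_mac[mac].add(port)
        if len(ports_for_mac[mac]) > 1:
            alerts.append((when, "mac-on-multiple-ports", port, mac))
        last_mac_on_port[port] = mac
    return alerts


if __name__ == "__main__":
    for alert in analyze(SIGHTINGS):
        print(*alert)
```
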

------
pkill17
Seems a bit silly to write a python script for this when most people have it
in a bash function. I find running a python command through the interpreter
like that to be cumbersome, but a good script nonetheless.

On another note: GO BEARS! Down with the tree!

------
bjonathan
If you are on Windows, there is a small app to change your mac address
easily: <http://www.zokali.com/win7-mac-address-changer>

------
TkTech
Neato, I liked it so I cleaned it up/rewrote it a bit ->
<https://github.com/feross/SpoofMAC/pull/4>

------
gws
guys, what are practical use cases for spoofing your MAC address?

~~~
roryokane
Drexel University has wi-fi throughout campus. Its main wi-fi network,
dragonfly3, allows any device to connect using WPA2 (with your student account
as your login). But it also has dragonfly and dragonfly2, which are secured
with only WEP, but only allow whitelisted MAC addresses to connect (to prevent
strangers who have cracked the password from connecting). Each student has a
customizable list of up to only two MAC addresses, editable through a web
interface, that they can keep on the whitelist.

When I was living in a dorm on campus, I had two devices (gaming consoles)
whose OSs didn’t support WPA2, meaning I had to connect them to dragonfly2.
These two devices filled up my whitelist. And occasionally, the dragonfly3
network signal totally dropped out while I was using that network on my
computer, while the dragonfly2 network stayed accessible. So then I wanted to
connect to dragonfly2 with my computer.

To do that, I had to log in to the web interface, select one of my other
devices to unlist, and then add my computer’s MAC address in its place. If I
had had SpoofMAC, I could have used it to set my computer’s MAC address to
match one of my other devices'. Running SpoofMAC would probably have taken
much less time than changing my whitelist through the web interface, and would
have obviated the need to re-list the removed device when I wanted to use it
again.

~~~
TkTech
This is very silly and very pointless. If they already have the WEP keys then
grabbing frames to get whitelisted MAC addresses is trivial. This does nothing
but make it more annoying for legitimate users.

Also, for these silly things I usually keep a DD-WRT capable router around
like the trusty WRT54G or one of the newer Buffalo routers. It's easy to use
it in a bridge configuration to have as many devices as you want behind it.

------
pokoleo
Literally did this 10 minutes ago when connecting to hotel Wi-Fi.

`$ sudo ifconfig en1 ether 00:11:22:33:44:55`

------
nthitz
Careful, you may be violating the CFAA by using tools such as this.

~~~
sigzero
No you wouldn't be. Not in and of itself. If you commit a "computer" crime and
they find that you have done this, then yes they will add it to the charges.

