Original author here. Thanks, nh, for sharing this.
To those wondering why you would use SpoofMAC when you can just do `sudo ifconfig en1 ether 00:11:22:33:44:55`, let me explain why I wrote this.
The main advantage of SpoofMAC is that it automatically disassociates from any connected Wi-Fi networks before it changes your MAC address. This ensures the MAC change will be applied correctly. The biggest annoyance with doing it manually is figuring out how to disassociate manually, which usually requires trying to connect to a non-existent network.
After I put the code on GitHub, a few random contributors submitted patches for features like random MAC generation, etc. <3 open source.
There was a great article in 2600 Mag about scanning a network for devices that were already connected to a pay-to-play WiFi network. You could then change your MAC address to a MAC address already connected. You would then share the connection and bypass having to pay for WiFi. It was really handy at airports and coffee shops that would charge to get online.
It would be cool if there were software that could detect such a person, report them to the authorities and we could watch them being hauled away to jail.
Should redirect the error/warning output so that it isn't mashed into the command:
`openssl rand -hex 6 2>/dev/null | sed 's/\(..\)/\1:/g; s/.$//'`
because if you are running this on startup there is a chance HOME or RANDFILE aren't set yet, the .rnd file doesn't exist or the permissions on it are not set properly - resulting in a warning such as "PRNG not seeded" or "unable to write 'random state'" that would be passed into the ifconfig command.
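Putting the two points above together (disassociate first, then change the address; and generate the random address so that no warning text can leak into the command line), here is an added shell example. It is not SpoofMAC's code and not something any commenter posted. It assumes the macOS `airport` helper at the path shown (present on OS X of that era) and an `ifconfig` that accepts `ether`, as in the command quoted earlier; the function names are this example's own. It also pins the locally-administered bit of the first octet and clears the multicast bit, so a random address can neither look like a vendor-assigned one nor be rejected as multicast.

```shell
#!/bin/sh
# Added example, not code from SpoofMAC or from the thread.
# Assumed (hypothetical for this example): the OS X-era 'airport' helper
# below and an ifconfig that accepts 'ether'.
AIRPORT=/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport

# Generate a random MAC that is locally administered (bit 0x02 of the
# first octet set) and unicast (bit 0x01 clear). /dev/urandom is read
# instead of 'openssl rand', so there is no RANDFILE to complain about;
# stderr is silenced anyway, as the comment above suggests.
random_mac() {
    hex=$(od -An -N6 -tx1 /dev/urandom 2>/dev/null | tr -d ' \n')
    first=$(( (0x${hex%??????????} | 0x02) & 0xFE ))   # fix up first octet
    rest=${hex#??}                                        # remaining 5 octets
    printf '%02x%s' "$first" "$rest" | sed 's/\(..\)/\1:/g; s/.$//'
}

# Return 0 only for a well-formed aa:bb:cc:dd:ee:ff address whose first
# octet is locally administered and unicast; anything else returns 1.
is_local_unicast_mac() {
    h='[0-9a-fA-F][0-9a-fA-F]'
    case "$1" in
        $h:$h:$h:$h:$h:$h) ;;
        *) return 1 ;;
    esac
    first=$(( 0x${1%%:*} ))
    [ $(( first & 0x03 )) -eq 2 ]
}

# Disassociate from Wi-Fi first, then apply the new address to the
# interface, which is the ordering the original author describes.
# usage: spoof_mac en0 [aa:bb:cc:dd:ee:ff]   (random address if omitted)
spoof_mac() {
    iface=$1
    mac=${2:-$(random_mac)}
    is_local_unicast_mac "$mac" || { echo "refusing bad MAC: $mac" >&2; return 1; }
    [ -x "$AIRPORT" ] && sudo "$AIRPORT" -z        # drop the association
    sudo ifconfig "$iface" ether "$mac" && echo "$iface now $mac"
}

# Only act when invoked with arguments, so sourcing the file is harmless.
if [ $# -gt 0 ]; then spoof_mac "$@"; fi
```

The validation step matters when the address is supplied by hand: `ifconfig` will happily reject an odd first octet only after the interface has already been disassociated, leaving you offline with the old MAC.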
What I really want is a tool which lets me masquerade (to nmap, etc.) as whatever kind of machine I want. Pick MAC addresses out of the correct range, but also change how the network stack, etc. respond to various passive and active attempts at fingerprinting.
It's eventually going to throw up alarms if your MacBook Pro OS X 10.8.2 with a valid Apple or Intel MAC is on a network segment, then drops off, then a machine reappears with a DECstation MAC address.
> but also change how the network stack, etc. respond to various passive and active attempts at fingerprinting.
I can't see how you could do this without swapping out part of the OS, which is where the network stack lives these days. A simpler way might be to swap out the whole OS, by using virtual machines that communicate on an internal virtual LAN: The Windows XP virtual machine sends the packets under control of the Linux virtual machine that's hosting the analysis software.
> It's eventually going to throw up alarms if your MacBook Pro OS X 10.8.2 with a valid Apple or Intel MAC is on a network segment, then drops off, then a machine reappears with a DECstation MAC address.
It's an eternal game of cat and mouse anyway; if it isn't detailed MAC address analysis, it's subtle timing quirks, or hooking AM radio receivers to computers listening for the sounds of CPUs grinding through AES, or something else.
Seems a bit silly to write a python script for this when most people have it in a bash function. I find running a python command through the interpreter like that to be cumbersome, but a good script nonetheless.
Drexel University has wi-fi throughout campus. Its main wi-fi network, dragonfly3, allows any device to connect using WPA2 (with your student account as your login). But it also has dragonfly and dragonfly2, which are secured with only WEP, but only allow whitelisted MAC addresses to connect (to prevent strangers who have cracked the password from connecting). Each student has a customizable list of up to only two MAC addresses, editable through a web interface, that they can keep on the whitelist.
When I was living in a dorm on campus, I had two devices (gaming consoles) whose OSs didn’t support WPA2, meaning I had to connect them to dragonfly2. These two devices filled up my whitelist. And occasionally, the dragonfly3 network signal totally dropped out while I was using that network on my computer, while the dragonfly2 network stayed accessible. So then I wanted to connect to dragonfly2 with my computer.
To do that, I had to log in to the web interface, select one of my other devices to unlist, and then add my computer’s MAC address in its place. If I had had SpoofMAC, I could have used it to set my computer’s MAC address to match one of my other devices’. Running SpoofMAC would probably have taken much less time than changing my whitelist through the web interface, and would have obviated the need to re-list the removed device when I wanted to use it again.
This is very silly and very pointless. If they already have the WEP keys then grabbing frames to get whitelisted MAC addresses is trivial. This does nothing but make it more annoying for legitimate users.
Also, for these silly things I usually keep a DD-WRT capable router around like the trusty WRT54G or one of the newer Buffalo routers. It's easy to use it in a bridge configuration to have as many devices as you want behind it.
The only time I've "needed" to do it is at places that limit their wifi connection times.
For example, the Panera Breads in my area all limit their connection times to 30 minutes during lunchtime. If you spoof your MAC address every 30 minutes, you can keep going.
I had an ISP that would whitelist the MAC address that was allowed to connect to it. When I first signed up, I didn't realize this and they used an old server I had sitting around.
Because their technical support was so awful, it was easier to spoof the MAC of the old server than it was to get through to someone who could actually whitelist my new machine's MAC.
My school had a guest network that would allow people to use it for a few hours, but after that would force them to jump through some sort of registration hoops to get permanent access. Spoofing their MAC addresses seemed to be the easier alternative.
No, you wouldn't be. Not in and of itself. If you commit a "computer" crime and they find that you have done this, then yes they will add it to the charges.
Glad that so many are finding this useful.