Hacker News new | past | comments | ask | show | jobs | submit login
How does Starbucks knows how to grab my MAC Address?
1 point by larrywallace on Dec 14, 2014 | hide | past | favorite | 9 comments
To all hacker out there, how in the world can a website grab your mac address from the browser http://oi61.tinypic.com/s263ib.jpg. I've heard responses from "it is not possible" to "they use flash". But this happens every time I go to Starbucks and I am pretty sure Flash is not used.

I'm posting on HN to get the low down if anyone who has ACTUALLY first hand know how on how this is accomplished.




That web site for me says "Looks like you might be outside a Starbucks store / Our local store web site is only available when you’re connected to Wi-Fi at most U.S. Starbucks stores."

If you are on their network then they can see your MAC address. That's how Ethernet works.

See http://en.wikipedia.org/wiki/MAC_address#Spying for an example of how Apple has changed iOS so it uses a random MAC address. See also http://security.stackexchange.com/questions/6868/randomizing... .


Yes, I am connected to the store's wifi. Once I am on their network, how do they actually grab it? What headers names do they inspect for, etc. I'd like to actually know the implementation details and code sample. I looked everywhere on Stackeroverflow and can't find anyone who has done this.


Since you are connected to their network they know your MAC.

What they will likely do is take your IP and look to which MAC their DHCP-Server has assigned that IP to. There are other possibilities though, but they are more complicated (using ARP-cache or requests, doing a raw packet dump at the webserver).

If you want learn more, I think you could read a bit about the different layers first, and then read about how ethernet, IP/ARP and DHCP work. There are likely no "headers" (I assume you mean HTTP-headers) they inspect.


A MAC address is part of their network once you attempt to connect to their wifi. The MAC address identifies your physical network adapter to the router. Once your network adapter is known by the router, the router can assign your adapter an Internet Protocol (IP) address.

Note: the above is a 10,000 foot observation of what happens.

More in-depth: https://en.wikipedia.org/wiki/MAC_address


How do you know they're getting it from your browser? They could have just stored your MAC address somewhere when you connected to their wireless router. For example, they might have a custom DHCP server that stores your MAC address along with the IP address it assigns to you in some database that's accessible to the web server. The web server can then look up your IP address in the database and obtain your MAC address.


The wifi router knows your mac and probably intercepts a HTTP request (like a "captive portal"), which probably redirects you to that URL while including the MAC address


Yes, I am connected to the store's wifi. Can you point me to some code that actually can grab the mac address? As the title suggests -- I want to know how they do it.


http://en.wikipedia.org/wiki/Captive_portal lists three ways to achieve it. The details will depend on how Starbucks decided to do it.

What you're asking is, in essence, "how does ethernet work?" That cannot be explained in a few paragraphs. You can start with Richard Stevens' "TCP/IP Illustrated, Vol. 1", as one of many available descriptions. You can use Wireshark to track all of the details.

At this point you should stop asking questions here. There's likely no simple answer, and this is a great chance to experiment and figure it out for yourself.

(Even if someone knows the exact details of how Starbucks does it, you are unlikely to understand the explanation without understanding some of the fundamentals.)


ok, I think I got it. Fundamentals I know enough to be dangerous, thanks for the pointers to captive portal. I'll be able to run with this now... I upvoted you and 0x0




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: