You are hereRandomise your MAC address

Randomise your MAC address

By chri - Posted on 24 December 2007

Been playing with BackTrack3beta USB edition. It looks very nice at the first sight. More info will come later.

Howto randomize your MAC addresses.

IFACES=$(ifconfig  | grep HWadd | awk '{ print $1 }')
# IFACES=$(ls /sys/class/net | grep -v -e sit -e lo)
for iface in ${IFACES}; do
  echo "-- Changing the MAC addr of iface: ${iface}"
  macchanger -a ${iface} ;
  sleep 1s;
done;

You might think it's not a bad idea to put that script in /etc/rc.d/rc.local to have it start at boot. But then you notice it might be too late because your normal MAC-address is already broadcasted over the wire/air.
rc.local is in fact called as last script during boot time. This means that /etc/rc.d/rc.inet1, the script that brings up your interfaces and start a dhcp client, has already run. When sending DHCP requests you also send your MAC-address and thus show the network who you really are. Even for an ethical hacker this isn't something you'd want.

To solve this there are, as usual, different ways.
BackTrack has a built-in setting for configuring your interface settings. The file /etc/rc.d/rc.inet1.conf has a variable HWADDR[0]="00:01:23:45:67:89" to let you set a non-default MAC-address. (With [0] the number of the interface).

Personally I'd like to have a non-static MAC, something that doesn't leave traces on my machine.
So I put my random-mac-script before rc.inet1 is called.

Relevant Content: 
Installing BackTrack 4 beta on a USB disk
One week before HAR
Watchguard Fireware SSL-VPN Vulnerability
ModSecurity Console signed ssl certificate
Hacking for Beer - BruCON 12 days left for early bird tickets
Tags
Do you really think it's a
Submitted by Philip Paeps (not verified) on Mon, 12/24/2007 - 12:52.
Do you really think it's a good idea to assign yourself a multicast MAC?
Philip, this
Submitted by chri on Mon, 12/24/2007 - 13:47.
Philip, this 00:01:23:45:67:89 MAC is just and only the example from the configfile. With a little goodwill you'll notice that it has a certain pattern in it and is not meant to be used irl.
I got that far. I'm not as
Submitted by Philip Paeps (not verified) on Mon, 12/24/2007 - 17:46.
I got that far. I'm not as think as you drunk I am. I was wondering about this macchange script of yours. Is it intelligent enough to not try to set the multicast bit? Is it intelligent enough to always set the locally administered flag? I can't imagine why you would like anonimity on the MAC layer...
If you read macchanger(1)
Submitted by chri on Mon, 12/24/2007 - 21:00.
If you read macchanger(1) you'll notice what the -a argument does: Set random vendor MAC of the same kind.
Chris, I have 2 networks,
Submitted by Andre (not verified) on Fri, 05/30/2008 - 13:09.
Chris, I have 2 networks, "X" and "Y", and i'd like to create a script (to be ran as a desktop icon) that would set my MAC to "X1" and connect me to network "X". If I run that script again, it would disconect me, set my MAC to "Y1" and connect to network "Y", and so on. To make it short, I don't want to use the same MAC on both networks. Would that be possible? Would you please make a sketch of how this would look like? Also, there's also two small facts: - Network X is password protected (but I have the pass, just to let you know that it should be inserted on the script code); - There are two networks named "Y" on the same area! One works, other doesn't. Then the script should be able to connect me to a specific acess point's MAC address and not to the ESSID. I appreciate any help! Thank you, Andre

I Love Belgium... and you?

About Me
GnuPG Public Key Still More LinkedIn profile
Photos
Projects
WeIDS 2.0 Linux Lessons WiFi Auth Project
Documentation
Acer Aspire 2012 WLMi Acer TM 4002 WLMi IR-receiver (Win)(NL)
Links
Ubuntu Belgium Planet Grep
FOSDEM BruCON Profoss hacker emblem www.cacert.org Get OpenOffice Get Firefox Get Thunderbird
What is OpenID?