Jump to content


Photo
- - - - -

Has anyone ever done automatic MAC spoofing at the ROUTER level (Links


  • Please log in to reply
9 replies to this topic

#1 yellowgirlinc

yellowgirlinc

    the 0ne

  • Members
  • 1 posts

Posted 19 May 2007 - 07:19 PM

Hi there,
This is my first post to this forum so please be gentle with me ....
Is there an existing automated way to change the MAC address & hostname of my home ROUTER (Linksys WRT54G)?

I know about Gorlani's MacMakeUp manual MAC address-spoofing tool but it works on the WinXP computer - but this doesn't help anyone behind a NAT router - as the ROUTER's MAC address is what the Internet "sees" (http://www.gorlani.c...p/macmakeup.asp).

Manually, I can change the MAC address of the Linksys WRT54G wireless NAT by going to the Linksys WRT54G MAC Address tool inside the router at http://192.168.10.10/WanMAC.htm - which works fine - and can do the same with the router HOSTNAME (which the Internet also sees) - but these changes are all manual.

Since the Linksys WRT54G router runs Linux, I started googling for a more automated way to periodically change both the router's MAC address (which is the only MAC address the Internet sees) and the router's host name. I soon came across you guys in the process (e.g., Mad Macs changes both the host name and MAC address of the PC NIC card (http://www.irongeek....emac&mode=print). But Mad Macs won't do a thing to change the MAC address or HOSTNAME shown to the Internet because the ROUTER's hostname and MAC address are what the Internet "sees".

In digging through your archives for a script to run on the ROUTER, I see you guys wrote automated scripts to spoof the MAC address & hostname of Windows & Linux PCs (http://www.irongeek....emac&mode=print) ... but being behind a NAT ......

Has anyone yet written a program to automatically change the MAC address & HOSTNAME of the wireless router?

Edited by yellowgirlinc, 20 May 2007 - 12:45 AM.


#2 jabzor

jabzor

    hax?

  • Agents of the Revolution
  • 1,146 posts
  • Country:
  • Gender:Male
  • Location:Northern Elbonia, fighting the lefties

Posted 20 May 2007 - 03:17 PM

Don't know of any programs off hand, but it shouldn't be too hard to write a perl script or whatnot to change your router mac using either SNMP or http post/get.

#3 Mikhail

Mikhail

    SCRiPT KiDDie

  • Members
  • 23 posts
  • Location:Long Beach, Ca

Posted 17 December 2007 - 04:14 AM

the web interface should let you do that..........
but i have a WRT54G also i dumped the firmware it was running and downloaded DD-WRT and flashed it with their firmware instead of using linksys's firmware and i can do that especially if i want a new ip ha. the DD-WRT firmware should let you use a shell aswell you could manually change the mac with that aswell as DD-WRT web interface

#4 deadc0de

deadc0de

    SUP3R 31337 P1MP

  • Members
  • 272 posts
  • Location:ring0

Posted 17 December 2007 - 09:13 AM

Hi there,
This is my first post to this forum so please be gentle with me ....
Is there an existing automated way to change the MAC address & hostname of my home ROUTER (Linksys WRT54G)?

I know about Gorlani's MacMakeUp manual MAC address-spoofing tool but it works on the WinXP computer - but this doesn't help anyone behind a NAT router - as the ROUTER's MAC address is what the Internet "sees" (http://www.gorlani.c...p/macmakeup.asp).

Manually, I can change the MAC address of the Linksys WRT54G wireless NAT by going to the Linksys WRT54G MAC Address tool inside the router at <a href="http://192.168.10.10/WanMAC.htm" target="_blank">http://192.168.10.10/WanMAC.htm</a> - which works fine - and can do the same with the router HOSTNAME (which the Internet also sees) - but these changes are all manual.

Since the Linksys WRT54G router runs Linux, I started googling for a more automated way to periodically change both the router's MAC address (which is the only MAC address the Internet sees) and the router's host name. I soon came across you guys in the process (e.g., Mad Macs changes both the host name and MAC address of the PC NIC card (http://www.irongeek....emac&mode=print). But Mad Macs won't do a thing to change the MAC address or HOSTNAME shown to the Internet because the ROUTER's hostname and MAC address are what the Internet "sees".

In digging through your archives for a script to run on the ROUTER, I see you guys wrote automated scripts to spoof the MAC address & hostname of Windows & Linux PCs (http://www.irongeek....emac&mode=print) ... but being behind a NAT ......

Has anyone yet written a program to automatically change the MAC address & HOSTNAME of the wireless router?



It's not as much a program as hacked firmware. The standard WRT54G firmware doesn't let you do that iirc, but I know there's a certain set of hacked firmware that will. Google for it, I'm sure you'll find it.


EDIT: Mikhail has got the right idea

Edited by deadc0de, 17 December 2007 - 09:15 AM.


#5 Dr^ZigMan

Dr^ZigMan

    Publish or Perish!

  • Agents of the Revolution
  • 1,207 posts
  • Location:561

Posted 17 December 2007 - 09:44 AM

In digging through your archives for a script to run on the ROUTER


I wasn't sure if you had said that you were running linux on the router but if you are I whipped up this script that will change your mac to a new random value every x seconds...

#!/bin/bash

macElems=( 0 1 2 3 4 5 6 7 8 9 A B C D E F )

while true
do
		for ((i=0;i<12;i+=1))
		do
				rand=$RANDOM
				index=$(($rand % 16))

				newMacArr[$i]=${macElems[$index]}
		done

		newMac=${newMacArr[0]}${newMacArr[1]}":"${newMacArr[2]}${newMacArr[3]}":"${newMacArr[4]}${newMacArr[5]}":"${newMacArr[6]}${newMacArr[7]}":"${newMacArr[8]}${newMacArr[9]}":"${newMacArr[10]}${newMacArr[11]}

		`ifconfig $1 hw ether $newMac`

		sleep $2
done

Invoke it with bash somescript.sh <interface to spoof> <seconds till change> &

The trailing & will cause this process to run in the background.

Hope that's what you are looking for!

-Dr^ZigMan

#6 PurpleJesus

PurpleJesus

    Dangerous free thinker

  • Members
  • 1,578 posts
  • Gender:Male
  • Location:800

Posted 17 December 2007 - 10:09 AM

the web interface should let you do that..........
but i have a WRT54G also i dumped the firmware it was running and downloaded DD-WRT and flashed it with their firmware instead of using linksys's firmware and i can do that especially if i want a new ip ha. the DD-WRT firmware should let you use a shell aswell you could manually change the mac with that aswell as DD-WRT web interface


Yeah it's easy.. I'm runnin a linksys wrt54g with DD-WRT v24 Beta (08/15/07) std. Go to 192.168.1.1 then Setup/Mac Address Clone and enter whatever your heart desires...

Edited by PurpleJesus, 17 December 2007 - 10:11 AM.


#7 mungewell

mungewell

    SUPR3M3 31337 Mack Daddy P1MP

  • Agents of the Revolution
  • 376 posts
  • Location:Planet Earth

Posted 17 December 2007 - 04:00 PM

The suggested script will work... but remember every time you change your MAC address you will have to re-negoiate your IP address with your cable modem (asuming cable connected). You will also find that any active internet session may be interrupted. So you'll probably find that doing this is just a PITA.

If you want to re-flash your router, I would recomend open-wrt. It's a bit more flexable that DD-WRT, but less polished (in the GUI sense).
Cheers,
Mungewell.

#8 Dr^ZigMan

Dr^ZigMan

    Publish or Perish!

  • Agents of the Revolution
  • 1,207 posts
  • Location:561

Posted 17 December 2007 - 07:56 PM

The suggested script will work... but remember every time you change your MAC address you will have to re-negoiate your IP address with your cable modem (asuming cable connected). You will also find that any active internet session may be interrupted.


Quite true! Although I'm not sure that any active internet session would be interrupted... We could add a command to flush the arp cache forcing new discovery but it might create problems in that you need to renew a DHCP lease on an IP. Only one way to find out though, give it a shot!

-Dr^ZigMan

EDIT: Grammer, <3 Strom :)

Edited by Dr^ZigMan, 17 December 2007 - 07:56 PM.


#9 Binary_Lulz

Binary_Lulz

    elite

  • Members
  • 110 posts

Posted 20 December 2007 - 11:24 AM

Similar question, figured all the wireless gurus would be in here.

I was messing around with Kismac a little, and noticed that along with the other info on access points, it gave their MAC address.

If I were to use something like macchanger to spoof my mac to that of the AP, would it appear to be coming from the AP?

Would this be like IP spoofing, in that I could send out spoofed packets, but the responses would go to the spoofed IP and not my true machine, negating the utility?

Edit: The plan is to use one open AP, but spoof the mac of a second, thus I can hide my true location without Tor (since it slows me down significantly)

Edited by Binary_Lulz, 20 December 2007 - 11:26 AM.


#10 livinded

livinded

    Dangerous free thinker

  • Agents of the Revolution
  • 1,942 posts
  • Location:~/

Posted 20 December 2007 - 01:17 PM

If you aren't running linux on the actual access point, you can write a script that will post the data to the access point, through that page, and just cron it to run however often you want it to change.




BinRev is hosted by the great people at Lunarpages!