MAC Spoofing

Aug. 06, 2024

MAC spoofing means to change the computer's network interface MAC to avoid detection based on hardware network address. MAC comes from Media Access Control and is assigned by the manufacturer. Wi-Fi, Bluetooth, and Ethernet devices all use MAC addresses. That address can be modified during a session by software. However, usually that operation require administrator privileges.

MAC spoofing can be used by: (a) users, to maintain privacy and prevent tracking; (b) IT professionals, to test network security and identify vulnerabilities; (c) attackers, to supplant legitimate devices or hide tracks in an intrusion.

Here is an example of a C fragment that performs randomized MAC spoofing:

// Getting the current MAC addrss
ifdev.ifr_hwaddr.sa_family = ARPHRD_ETHER;
if (ioctl(sock, SIOCGIFHWADDR, &(ifdev)) == -1) {
    perror("ioctl");
    return -1;
}
printf("Current MAC address: ");
print_mac(ifdev.ifr_hwaddr.sa_data);
// Overwriting the mac address with random numbers
srand(time(NULL));
for (int i = 0; i < 6; i++) {
    ifdev.ifr_hwaddr.sa_data[i] = (random() % 0xff) & (i == 0 ? 0xFC : 0xFF);
}
if (ioctl(sock, SIOCSIFHWADDR, &(ifdev)) == -1) {
    perror("Changing mac address");
    return -1;
}
printf("MAC address was succesfully changed to: ");
print_mac(ifdev.ifr_hwaddr.sa_data);
return 0;

The full program can be found in this link.

Resources:

• Wikipedia: MAC spoofing