Some of us are lazy and sometimes forget to change our mac address before doing something.
I would like to share a method for getting a script to run at each boot so your mac is spoofed automatically.

Other distribution provided the file called /etc/rc.local but Debian does not use rc.local to customize the boot process. You can use simple method as follows to customize it.


i) Create a script called macc.sh in /etc/init.d/ directory(login as root)
# vi /etc/init.d/macc.sh

ii) Add commands to this script

#!/bin/bash
ifconfig wlan0 down
macchanger -r wlan0
ifconfig wlan0 up

save the file

iii) Setup executable permission on script:
# chmod +x /etc/init.d/macc.sh

iv)Make sure this script get executed every time Debian Linux system boot up/comes up:
# update-rc.d macc.sh defaults 100

Where,
macc.sh: Your startup script name

defaults : The argument 'defaults' refers to the default runlevels, which are 2 through 5.

100 : Number 100 means script will get executed before any script containing number 101. Just run the command ls –l /etc/rc3.d/ and you will see all script soft linked to /etc/init.d with numbers.

Next time you reboot the system, you custom command or script will get executed via macc.sh.

We only wish to point out that if a user spoofs the mac using either the terminal window or the method outlined in this thread, then goes to surf the net thinking the mac is spoofed, network manager overrides the spoofed mac address and uses its own setting found in the /etc/NetworkManager/system-connections/ folder. If there is no mac spoof address listed in the network-manager drop down menu and/or the system-connections folder then Network-manager uses the device mac. These mac spoofing routines run at start only hold true IF Network-manager is not called into play.

We suggest users manually put in mac spoof addresses for all connection listed in network-manager.

Musket Teams

very nice. also, thank you mmusket33. that is very important.

Sound advice. I've also noticed MAC spoofing does not propagate when an interface is set into monitor mode. Even if wlanX is spoofed, monX will display the hardcoded MAC rather than a spoofed MAC. Always check your interfaces before any sensitive operation.

How does one ensure that the spoofed MAC address is being used by NetworkManager? Do I have to change every file in the /etc/NetworkManager/system-connections/ folder to contain the spoofed MAC Address?

To gatherercryptic,

There is a text file for each connection. You can use the Network-Manager drop down appellete upper right hand corner on kali main screen - just work thru the menus till you find the spoofed address entry box. Otherwise use this drop down menu to make one connection have a spoofed mac address then go to that connection in the /etc/NetworkManager/system-connections/ folder and look for the line in the text file dealing with cloned mac address to see what text string you need in the file to activate mac spoofing:

You will find in the [802.11 wireless] block

cloned-mac-address=00:11:22:33:44:55

You can copy and paste this into all your connections with a text editor like leafpad and of course save them. You can change the 00:11:22:33:44:55 in this example to any hex address however there will be no error handeling. There is error handeling if you use the network-manager appellete. So choose your spoofed address carefully

You can check your mac address anytime just type ifconfig, just make sure you enable networking (right click on network manager appellete)

If your network manager appellete is not showing then type

service network-manager start

or

service network-manager restart

in a terminal window - either will work and start network-manager for you.

MTeams

Some of us are lazy and sometimes forget to change our mac address before doing something.
I would like to share a method for getting a script to run at each boot so your mac is spoofed automatically.



script works fine Defaultzero.. I confirm that Network Manager (version 0.9.4.0) is not affecting mac spoofing ,I Also tried this manually as follows

spoofing mac
http://www53.zippyshare.com/v/QmM0eRlg/file.html

wireshark is showing all packets sent from my interface, are transmitted with the spoofed mac address

http://www53.zippyshare.com/v/3QhigI0p/file.html

sugesstion:
probably you can include the following in your script.

service network-manager restart # to restart network manager after spoofing

There are a few readily available KDE plasmoids that will continuously return--or nearly continuously, I'm not sure how granular their reporting is--your current MAC address. Modifying some of those widgets to report exactly the system data that is relevant to MAC spoofing should be trivial, though I have not attempted it myself. A Kali specific KDE widget would be a welcome addition.

Network Manager resets spoofed mac address but solution found
Though I browse the web with a mac address spoofed with macchanger..I noticed whenever I disconnect from my AP and reconnected, Network Manager resets the mac (lesson learned but a quick solution found!)
instead of going through the list of my hosts and typing in a cloned mac address manually..here is some codes I put in DefaultZero script and remove the entire codes that was there before


#!/bin/bash
ifconfig wlan0 down
random_mac=`macchanger -r wlan0|sed -n 's/^New *MAC: \([[:alnum:]].*[[:alnum:]]\) .*/\1/gp'`;
find /etc/NetworkManager/system-connections -type f -exec sh -c "sed -i \"/^cloned-mac-address.*/d;/^\[802-11-wireless\]/a\cloned-mac-address=$random_mac\" \"{}\"" \;

Simple Explanation

# get a random macc address and store it in a variable (codes below)

random_mac=`macchanger -r wlan0|sed -n 's/^New *MAC: \([[:alnum:]].*[[:alnum:]]\) .*/\1/gp'`;

#find all host that I usually connect to and edit their network configuration file with the random mac address stored in the variable (codes below)

find /etc/NetworkManager/system-connections -type f -exec sh -c "sed -i \"/^cloned-mac-address.*/d;/^\[802-11-wireless\]/a\cloned-mac-address=$random_mac\" \"{}\"" \;

Note: I use gnu sed..pattern matching can also be done with awk and gawk..whenever kali linux starts the macc.sh acriptran and worked excellent!

Thx Defaultzero, repzeroworld,


There are a few readily available KDE plasmoids that will continuously return--or nearly continuously, I'm not sure how granular their reporting is--your current MAC address. Modifying some of those widgets to report exactly the system data that is relevant to MAC spoofing should be trivial, though I have not attempted it myself. A Kali specific KDE widget would be a welcome addition.

yeah really. 2015 the Flintstones. I'm dreaming of a applet, top right corner, that would spoof any of my MACs, with a click, at will.

When approaching Network-manager in general, the following link is a good place to start the journey.

http://arstechnica.com/civis/viewtopic.php?t=1163023

MTeams

Thanks to repzeroworld's work, Musket Teams were able to complete a long standing project dealing with Network-manager and mac spoofing.

The following bash script allows the user to globally enter a spoofed mac address in all the wifi connection files found in the etc/NetworkManager/systems-connections folder.

The user can manually enter a specific mac address or generate a random mac address.

Readers should read thru this thread to understand the importance of spoofing the mac address thru network-manager rather then solely thru the terminal window.

Any credit or thanks for this program should be directed to repzeroworld. We do.

You can download netmanmac1-2.sh at:

http://www.datafilehost.com/d/dd57e46b

MTeams

works, thanks mmusket33!

I'm using repzeroworld script and that also works beautifully(I'm lazy)! Here is a mod for two adapters..

#!/bin/bash
ifconfig wlan0 down
random_mac=`macchanger -r wlan0|sed -n 's/^New *MAC: \([[:alnum:]].*[[:alnum:]]\) .*/\1/gp'`;
find /etc/NetworkManager/system-connections -type f -exec sh -c "sed -i \"/^cloned-mac-address.*/d;/^\[802-11-wireless\]/a\cloned-mac-address=$random_mac\" \"{}\"" \;

ifconfig wlan1 down
random_mac=`macchanger -r wlan1|sed -n 's/^New *MAC: \([[:alnum:]].*[[:alnum:]]\) .*/\1/gp'`;
find /etc/NetworkManager/system-connections -type f -exec sh -c "sed -i \"/^cloned-mac-address.*/d;/^\[802-11-wireless\]/a\cloned-mac-address=$random_mac\" \"{}\"" \;

good stuff guys! :cool:

I am having a bit of trouble with the macc.sh file. So I make the file inside the correct folder I'll name it macc.sh and I'll type the code in the file. But if I reboot the device it never stays in the folder. So I'm stuck having to remake the entire file. Any way around this?

Or we could just simplify this without all the hassle....... crontab -e and edit with your favorite editor, add at the bottom of the file, @reboot macchanger -r wlan0 or whatever your card may be eth0 wlan2 etc and save it. run crontab -l to confirm its been added to your scheduled tasks

Yes that will be great to see as default option on Kali 2 :)

Thanks for the awesome script, I'm starting to be lazy and my typing skill is going downward, LOL. I put the script in the Startup Applications.

I know this is a pretty old thread, I'm hoping someone will be able to check this and answer my question - Cuz its a small sorta thing, pretty daft starting a new thread for it.

Any way, in regards to MAC spoofing, I've been looking through Google for more information about it. Alot of places explaining how to do it, why to do it etc etc and what sorta situations it'd be useful/beneficial, but here what I want to know.

Simple question: When you are spoofing your MAC address - are you limited to what address you can use?

Details: Okay! I know that MAC is displayed in hex/decimal, so when you're spoofing I get that you will need to use a hex/decimal address (obviously it can't be like IP dot-decimal notation) But can you pick ANY hex/decimal number you want? Does it have to be any sort of specific number, like a MAC address for a phsyical device that ACTUALLY exists? Or am I free to completely fabricate the address and make it up?

Also, as an extension, what about the OUI digits? Do I have to make sure that the first 3 bits match a pre-existing OUI? or, again, can this be totally fabricated?

(If this is already answered in another thread then I apologise in advance)

~Dark

You can use almost anything you want. The only exception that I ran into is that it can not start with 11, which has to do with something about the first few bits. And there are a few others that might not work, FF:FF:FF:FF:FF:FF for example. If ifconfig doesn't complain, then you should be OK.

Install Macchanger using this command


sudo apt-get install macchanger

set crontabs for rebooting


crontab -e

at the end of opened file, add these two lines (ETHERNET CARD : eth0 ; WIFI CARD : wlan0)


@reboot macchanger -r eth0
@reboot macchanger -r wlan0

save and close using (CTRL+o & CTRL+x)
now open /etc/NetworkManager/NetworkManager.conf


nano /etc/NetworkManager/NetworkManager.conf

if there is a connection section, leave first line and add next two lines


[connection]
ethernet.cloned-mac-address=preserve
wifi.cloned-mac-address=preserve

and now reboot the system and you can see the MAC address is changed
Remember that this only works during reboot it will not work when you are logged in
if you want changes to occur during the session is running, use this script
You can also run the commands(Italic commands) in the terminal directly without the first line if you don't want to create the script


touch macc.sh
nano macc.s

add these lines to the file


#!/bin/bash
service network-manager stop
ifconfig eth0 down
macchanger -r eth0
ifconfig eth0 up
ifconfig wlan0 down
macchanger -r wlan0
ifconfig wlan0 up
service network-manager start

save and close nano
run these in terminal


chmod +x macc.sh
./macc.sh

voila! you just changed mac address during session