Results 1 to 5 of 5

Thread: Probe requests - How to prevent Kali sending out probe requests?

  1. #1
    Junior Member
    Join Date
    Jan 2017
    Posts
    29

    Probe requests - How to prevent Kali sending out probe requests?

    I'm playing around with essidprobe by @mmusket33. Thereby I saw that my internal wifi card sends out probes for my home network. I want to stop this but I can't find a way to do so.

    I already deleted the config-file in 'etc/NetworkManager/system-connections' but the problem remains.

    Weird:

    1. There are several config-files (and all are configurated the same, with 'autoconnect=false') but Kali is only probing for exactly one network.
    2. I'm using a cloned mac address and in my router interface it's working fine. But the probe requests are revealing my real mac adress.

    I want to stop the probe requests and it would be nice to spoof my mac adresses bullet proof. I'm not paranoid but at the moment Kali makes it pretty easy to create a motion profile. That's scary.

    - Is there an easy solution?
    - And another noob question: How can I change the hostname 'localhost'?

    I'm using Kali 2016.2 64bit.

    Once it told me 'the quieter you become, the more you're able to hear', now it's sending unspoofed probe requests

  2. #2
    Senior Member
    Join Date
    Oct 2016
    Location
    /dev/sda
    Posts
    621
    Have you tried assigning temporary MAC Address with macchanger -r and checking your new MAC Address using ifconfig?

    The probe request is hardcoded in the ROM of wifi adapter. It is called active probing. It sends who is there probes to scan networks around you. In 2.5 seconds it scans all the channels for wifi networks and runs after every 30 seconds.

    I'm not sure why it is leaking your real MAC Address and if is it supposed to leak your real MAC.

    I find your topic very interesting and i also would like to know if there is a way to stop leaking of real MAC.

    I will try this in my PC and check if it actually leaks your real MAC.
    Last edited by _defalt; 2017-08-20 at 08:22 AM.

  3. #3
    Junior Member
    Join Date
    Jan 2017
    Posts
    29
    @_defalt: Thank's a lot for your eye-opening answer! I never would have guessed that probe requests are hardcoded.

    I changed the MAC using the input field Network Manager offers. I have not tried macchanger yet for I've read that Network Manager ignores macchanger.

    I have to make good some theory first (about active probing etc.), but I will keep this topic in mind.

  4. #4
    Senior Member
    Join Date
    Oct 2016
    Location
    /dev/sda
    Posts
    621
    Quote Originally Posted by mstrmnn View Post
    I never would have guessed that probe requests are hardcoded.
    Probe requests are generated by your wifi adapter. It is hardcoded with how to generate it. It doesn't mean that it will use hardcoded(Permanent) MAC address. It is controlled by your OS so it is upto you which MAC Address you want to assign to your ethernet frames. If you do it incorrectly the Network Interface Card will not use your provided MAC Address. It will switch to the permanent one.


    Using wireshark I'm uploading output of wifi probe request along with what data it contains. These wifi probes are emitted by your wifi adapter only when it is searching for wifi networks. It will help you to see if it actually leaks your MAC address because i don't think it does.

    How did you come to know that your permanent MAC Address leaks? It could be a problem that your network interface wasn't really using your provided MAC Address.

    You should read this article how active probing is helping malls and showrooms to track their customers: https://www.crc.id.au/tracking-peopl...not-connected/

    Windows 10 , ios and android smartphones phones use MAC Address Randomization to protect you from being tacked over public wifi hotspots. They rotate MAC Addresses for different networks and after each established connection. If your permanent MAC address was actually leaking, this technology would be broken.

    However some group of researchers were still able to track devices despite using MAC Address Randomization but that's a different subject and they used a vulnerability in MAC Address Randomization:

    https://www.bleepingcomputer.com/new...-test-devices/

    https://www.theregister.co.uk/2017/0...randomization/
    Last edited by _defalt; 2017-08-20 at 05:04 PM.

  5. #5
    Senior Member
    Join Date
    Oct 2016
    Location
    /dev/sda
    Posts
    621
    This is the part of the captured probe request transmitted from my phone to search for wifi networks: https://pastebin.com/UM1cibpb

    It contains my original MAC Address but if I change it, it will show the spoofed mac address. It's not leaking in my case as i have also tested by spoofing the mac address of my PC.

    You should try macchanger -r interface-name
    Last edited by _defalt; 2017-08-23 at 11:26 AM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •