Oftentimes when staying at a hotel, or anywhere for that matter, you'll whip out your laptop and check the local area for Wi-Fi. I know you've all been in my shoes: you find an unsecured network that appears to be public Wi-Fi belonging to the hotel or airport, and you connect to it. The connection comes up quickly and without trouble, only for the browser to tell you that you don't have an account and are blocked from accessing the web. This is because the owners of the network want to keep things simple by having no password, but only want paying customers to be able to use their network.
As always, Null Byte has a way around it. The "security" on these access points works by filtering on MAC (Media Access Control) addresses, which are your wired and wireless interfaces' unique addresses. They are burned into your interfaces. However, you can temporarily change them from within your OS. Simply change yours to match a client that does get the paid service.
I'm going to go over how to do this in Arch Linux. This is possible in Windows, but requires a wireless interface capable of monitor mode. I can go over how to do it on Windows in IRC if you have the proper interface.
Step 1 Install Necessary Programs
You're going to need a few programs before we do this. We need to be able to sniff traffic and have our drivers set up to monitor traffic.
Download Wireshark, or use your package manager to install it. Linux users, download the source code and extract with (in a terminal):
tar zxvf <archive name>
Change to the new directory and install with this command:
./configure && make && sudo make install
Follow my guide on compat-wireless to make sure your card can go into monitor mode, and you will be ready to move forward.
Step 2 Enable Monitor Mode & Sniff Traffic
This command puts your wireless interface into monitor mode so you can sniff the traffic we are looking for (the MAC address is changed later, in Step 3):
sudo ifconfig wlan0 down && sudo iwconfig wlan0 mode monitor && sudo ifconfig wlan0 up
Now, start up Wireshark and look for a client IP that is using the AP. Type "http" into the filter field to make sure you're only getting HTTP traffic.
Step 3 Spoof Your MAC
Wait for someone to make a request to the router. Any IP that doesn't end in ".1" should work. Click on that packet, and search for a MAC address in the hexadecimal field below. Then, make that your address with this command:
sudo ifconfig wlan0 down && sudo ifconfig wlan0 hw ether <ST:OL:EN:MA:C!:!!> && sudo ifconfig wlan0 up
Now, just connect to the access point and you will see that you can get past the filter!
Here's a quick video showing you how to look through the packets, in case you don't understand.
I hope this was an informative Null Byte, come join the Forums!
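Because the portal authorizes by MAC address alone, the operator's side of this is detection: a cloned MAC typically shows up in the DHCP logs as one address presenting two different hostnames or option 55 fingerprints within a short time. The following is an added example, not part of the original article; the log format, field layout and sample lines are constructed assumptions.

```python
# Added example: flag MAC addresses that look cloned on a MAC-authorized
# captive portal. The log format is an assumption and the data is constructed.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: time, client MAC, DHCP hostname, DHCP option 55 fingerprint
SAMPLE_LOG = """\
2024-05-01T10:00:05 ad:24:4f:2a:c4:55 Annes-iPhone 1,121,3,6,15,119,252
2024-05-01T10:02:40 3c:5a:b4:10:9e:01 laptop-jk 1,3,6,15,31,33,43,44,46,47
2024-05-01T10:20:11 ad:24:4f:2a:c4:55 archbox 1,28,2,3,15,6,12
2024-05-01T10:21:30 ad:24:4f:2a:c4:55 Annes-iPhone 1,121,3,6,15,119,252
2024-05-01T18:45:00 3c:5a:b4:10:9e:01 laptop-jk 1,3,6,15,31,33,43,44,46,47
"""

def parse(log):
    """Yield (time, mac, hostname, fingerprint) tuples from the log text."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, mac, host, fp = parts
        yield datetime.fromisoformat(ts), mac.lower(), host, fp

def find_cloned_macs(log, window=timedelta(minutes=30)):
    """Return {mac: sorted identities} for MACs that presented more than one
    (hostname, fingerprint) identity within `window`."""
    seen = defaultdict(list)  # mac -> [(time, identity)]
    for ts, mac, host, fp in parse(log):
        seen[mac].append((ts, (host, fp)))
    flagged = {}
    for mac, events in seen.items():
        events.sort()
        for i, (t1, id1) in enumerate(events):
            for t2, id2 in events[i + 1:]:
                if t2 - t1 > window:
                    break  # later events are even further apart
                if id1 != id2:
                    flagged.setdefault(mac, set()).update({id1, id2})
    return {m: sorted(ids) for m, ids in flagged.items()}

if __name__ == "__main__":
    for mac, ids in find_cloned_macs(SAMPLE_LOG).items():
        print(mac, "presented", len(ids), "identities:", ids)
```

A device that legitimately changes its hostname will also trip this check, so treat a hit as a reason to look at the session, and tie paid access to a per-user login rather than to the MAC alone.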
14 Comments
I love your posts! Thank you
Thank you very much! I'm glad you enjoy :)
Super helpful at airports and on planes. Everywhere you go when traveling makes you pay!
Can this work on a Mac computer? Looks like Wireshark is for Mac, too. I'm so sick of trying to connect at airports and having to pay. I never pay. Never will. I don't need it that bad, but if I can do this...
If you can nab the proper drivers, then yes! :D. Mac is also better than Windows in that department, because Mac is based on the Unix kernel as well.
You wrote in your article: "search for a MAC address in the hexadecimal field below".
Are these all MAC addresses you can use? Little confused.
A MAC address is a hexadecimal number that looks like this: ad:24:4f:2a:c4:55.
Just find any one of those inside packets and make that your MAC.
Can you do this on an iPod?
Should be able to find it via Google. Try searching "change mac address ipod" and "wireshark ipod" or "packet sniffer ipod".
Really? This is great.. very very useful. Thanks.
Seems as if this relies on the paying user going away, otherwise there will be duplicate MAC traffic on the network.
Nice post, thanks. :-)
Regards
Jacky
Thanks for this post!
Would you be able to provide a guide on how to use Wireshark on Windows 10?
But if you use another device's MAC, there will be two devices with the same MAC address on the same network. What will happen then?