DEV Community


Posted on • Originally published at on

MAC Spoofing under Linux

The announcement of the recent attacks on Tor-users that exploit a Firefox vulnerability in Javascript suggested some things to remain anonymous whilst using Tor, such as disabling JavaScript, using the most recent versions of Firefox, install firewalls and so on. One interesting measure named was to often change your MAC address so there’s one less vector to identify you and your surfing behavior.

I thought to myself, why only use it with tor, why not always? There’s no reason not to do it. The term we’re looking for here is called MACspoofing. There’s a short but interesting paper discussing this topic. Be sure to read it.

A short search on the internet revealed, that there are already tools to help you accomplish the task. The application I use is called “GNU MACChanger” by Alvaro Lopez Ortega.


On Arch Linux, the macchanger is in the AUR, Ubuntu has it in it’s Repos, too. So just install it with your favorite package manager:

On Arch Linux:

pakku -S macchanger
Enter fullscreen mode Exit fullscreen mode

On Ubuntu:

apt-get install macchanger
Enter fullscreen mode Exit fullscreen mode


Usage is really simple, just run the following as root:

macchanger -r eth0
Enter fullscreen mode Exit fullscreen mode

This changes the MAC address of your wired interface to a random value. If you use wifi, replace eth0 with wlan0 or whatever your interface is called.

There are other usage-possibilities, with the following command, you can change the MAC address to a specific value:

macchanger -m XX:XX:XX:XX:XX:XX
Enter fullscreen mode Exit fullscreen mode

The other options can be found in the manpage of macchanger.

Change MAC on every boot

If you want to run the changer on every boot, you can add a small function into /etc/rc.d. Just put a file named “change_mac” into this directory and insert the macchanger command.

echo "macchanger -r eth0" > /etc/rc.d/change_mac
Enter fullscreen mode Exit fullscreen mode

This way you get a new MAC address every boot.

Top comments (0)