How to gain access to a MAC whitelist WiFi network
MAC address whitelisting sounds like a great way to prevent unauthorized access to your wireless network, but it does not work as well as you might think. The purpose of this guide is to demonstrate exactly how easy it is to spoof a whitelisted MAC address and gain access to a restricted network. In the steps below, you will see how to spoof a MAC address to gain access to MAC whitelisted network on Kali Linux.
In this tutorial you will learn:
- How to find a whitelisted MAC address
- How to spoof a whitelisted MAC address

Category | Requirements, Conventions or Software Version Used |
---|---|
System | Kali Linux |
Software | aircrack-ng, ip, macchanger |
Other | Privileged access to your Linux system as root or via the sudo command.Wireless adapter and a router that you can set up with a MAC whitelist to test |
Conventions | # â requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command$ â requires given linux commands to be executed as a regular non-privileged user |
Gain access to a MAC whitelist WiFi network step by step instructions
It is recommended that you use Kali Linux when running through the steps below, but you can technically install the required programs on any distribution and use it to gain access to your Wifi network.WARNING
This guide is purely for educational purposes. DO NOT attempt this on a network that you do not own.
- Install Aircrack-ng and MacchangerIf youâre using Kali, donât worry about this part. You already have what you need. If youâre on a different distribution, you need to installÂ
aircrack-ng
 and, if youâd prefer it toÂip
,Âmacchanger
. Chances are, theyâre both readily available in your distroâs repos, so install them.$ sudo apt install aircrack-ng macchanger - Find A Valid MAC AddressBefore you spoof a MAC address, you need one to duplicate. Assuming that only whitelisted addresses can access the network, you need to find the MAC address of a connected device. The best way to do this is by listening to traffic with Aircrack. RunÂ
ip a
 to find the interface of your wireless interface. When you have it, use Aircrack to create a new virtual monitoring interface.$ sudo airmon-ng start wlan0 - Take a look at the message in the terminal. It contains the name of the virtual interface. Itâs usuallyÂ
mon0
.$ sudo airodump-ng mon0 Youâll see a table of date about the wireless networks in your area. Find the one that youâre trying to connect to, and note the BSSID and channel. When you have them, cancel that command. - RerunÂ
airodump-ng
, specifying the BSSID and channel. This will narrow your results and make the clients easier to pick out.$ sudo airodump-ng -c 1 --bssid XX:XX:XX:XX:XX:XX mon0 At the bottom of these new results, youâll see a second table. That table contains information about client connections. To the right, youâll see the MAC address of the network followed by the MAC of client. Pick one, and notate it. Thatâs what youâll be spoofing. - Spoof The MACIf you havenât, you can close out of Aircrack now. Your new MAC address can be set with a simple command.$ sudo ip link set dev wlan0 down $ sudo ip link set dev wlan0 address XX:XX:XX:XX:XX:XX $ sudo ip link set dev wlan0 up https://4f0f638b398991ec284a4da97a9036e9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Or:$ sudo macchanger -m XX:XX:XX:XX:XX:XX Obviously, plug in the MAC of the connected client. - Connect to NetworkYou can now connect to your network like you normally would. Open up your favorite GUI network management tool or use the command line. The network doesnât care about your computer, other than that MAC address. Itâll even assign it a separate IP with DHCP.
Closing Thoughts
In this tutorial, we saw how to gain access to a MAC whitelist Wifi network on a Kali Linux system (or any distro that has the proper tools installed). It really is that painfully easy to spoof a MAC address and gain access to a restricted network. Again, this is purely to illustrate that restricting MAC addresses on your home network will not prevent attackers from connecting.