1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Mac Address Question

Discussion in 'BlackHat Lounge' started by kingbrend, Mar 15, 2010.

  1. kingbrend

    kingbrend Regular Member Premium Member

    Joined:
    Feb 12, 2008
    Messages:
    427
    Likes Received:
    113
    Home Page:
    I find that some websites can gather your mac address and thus use it to block you from their site.

    I didn't think this was possible... are there websites out there that can show your mac address? Just as easy as sites show your IP address?

    Thanks,
     
  2. Grizzy

    Grizzy Senior Member

    Joined:
    Nov 11, 2008
    Messages:
    919
    Likes Received:
    999
    Just as easy as sites show your IP address?

    No not at all. There are ways that a website can get your MAC address using third party applications. Stuff like java, flash and activex can be used to make your PC pass it's MAC address to the web server in question.

    But other then that, your MAC address resides in the Data Link Layer of the TCP/IP model. It is stripped away and replaced at every hop, and 99.9% of webmasters have no idea how to implement any sort of advanced MAC tracking solution on their website.

    When in doubt, just change your MAC address :D
     
    • Thanks Thanks x 1
  3. lived66

    lived66 Regular Member

    Joined:
    Feb 12, 2010
    Messages:
    265
    Likes Received:
    440
    New mac user/owner here. Is there any way to mask your IP address? Thanks.
     
  4. Grizzy

    Grizzy Senior Member

    Joined:
    Nov 11, 2008
    Messages:
    919
    Likes Received:
    999
    hmm not quite sure what you mean by "new mac user".. We're talking about MAC as in Media Access Control here..

    But you can use proxies to hide your ip address in most situations.
     
    • Thanks Thanks x 1
  5. lived66

    lived66 Regular Member

    Joined:
    Feb 12, 2010
    Messages:
    265
    Likes Received:
    440
    I was talking about the Mac (as in the computer)

    Thanks for responding to my question. I appreciate it.
     
  6. kingbrend

    kingbrend Regular Member Premium Member

    Joined:
    Feb 12, 2008
    Messages:
    427
    Likes Received:
    113
    Home Page:

    Really thanks for your answer; I found a website that uses Java to get one's Mac address: http://www.ipaddresslocation.org/find-mac-address.php

    The reason for the question is because I feel Amazon is using a person's Mac address against them when suspending their account. If there are ways to block this from happening, it'll help a lot of people.

    I think disabling Java is a good start.
     
  7. Grizzy

    Grizzy Senior Member

    Joined:
    Nov 11, 2008
    Messages:
    919
    Likes Received:
    999
    Hey glad I could be of help :)

    Yea if you think that a site might be tracking your MAC address with something like java, then you can always disable it like you said. But the problem then is not having java just becomes an additional footprint that can be used to identify you, as most users by default don't have java disabled. So the very act of not having java enabled could possibly be seen as suspicious behavior by an automated system. It's still obviously better then leaking your MAC address all over the place, but not the perfect solution to online anonymity. I would rather go with changing my MAC address and trying to blend in with the crowd so to speak.

    These 3rd party platforms like flash and java can also be used to gather other information other then your MAC address, like the rest of your network configuration (hostname, network adapter description, DNS servers, private ip address), and lots of other information about your PC that can be combined and inputted into advanced algorithms and used to fingerprint your machine. Luckily all of this stuff can be randomized on your end with a little work and research :D

    I really do think that (and wonder why) a lot of big sites dont use this advanced stuff against spammers and bhatters. I mean, if they did, no one would be able to get away with using just a proxy/clearing cookies on places like YT, CL, FB and all the other huge sites. Surely companies that deal directly with large amounts of monetary transactions do however (amazon, paypal, adsense, big CPA advertisers, ect...)
     
    • Thanks Thanks x 1
  8. Quicksilver.FX

    Quicksilver.FX Newbie

    Joined:
    Feb 9, 2009
    Messages:
    22
    Likes Received:
    2
    Occupation:
    CEO of Nexon America
    Those 99% of webmasters you know must be script kiddies with zero education/knowledge in technology.

    99% of webmasters I know are very well aware of MAC addresses. I logged onto my CMS and looked up a random IP. I see a MAC. I never installed anything to get this. =]

    Anyway, on topic. MAC address can be changed in registry. If you are unable to find it, make a .bat file to do it.
     
  9. zander64

    zander64 Junior Member

    Joined:
    Nov 25, 2008
    Messages:
    129
    Likes Received:
    36
    You can easily clone your mac address when you open up your router. If you are lucky and have a lynksys you can even just type in a new one anytime, restart router/modem and viola...
     
  10. gregstereo

    gregstereo Elite Member

    Joined:
    Oct 5, 2009
    Messages:
    1,833
    Likes Received:
    1,027
    Occupation:
    I'm known to locate certain things from time to ti
    Location:
    Moose Factory, ON
    O rly? In what zone did the IP you looked up reside? And what CMS are you referring to?
     
  11. Grizzy

    Grizzy Senior Member

    Joined:
    Nov 11, 2008
    Messages:
    919
    Likes Received:
    999
    You got it. 99.9% of "webmasters" are bloggers who know jack shit about anything computer network related. They don't even know how their copy of wordpress works let alone about the osi model, actionscript, java, JS, clock skew or anything to do with fingerprinting remote devices over multiple hops ;)

    Even a lot of the people with decent traffic really know nothing, they only hire someone with a tech-related education when something goes wrong.

    btw what cms are you using?




    Sorry, just re-read your post:
    If you are saying you can take a random IP address off the top of your head and get a MAC address from it, you are full of poop.
     
    Last edited: Mar 16, 2010
  12. kingbrend

    kingbrend Regular Member Premium Member

    Joined:
    Feb 12, 2008
    Messages:
    427
    Likes Received:
    113
    Home Page:
    So I'm guessing the best thing to do instead is to clone your mac address instead of trying to hide it?

    You said something about hostname, network adapter description, DNS servers also being tracked?

    Is that true even when I'm running on just a laptop? Hostname I know of.. but network adapter description? Is that like the serial number of your adapter? Would that make changing your mac address useless then?

    Thanks for your repsonse,
     
  13. AutoPostKing

    AutoPostKing Newbie

    Joined:
    Mar 11, 2010
    Messages:
    31
    Likes Received:
    4
    Occupation:
    Craigslist Marketing Specialist
    Location:
    127.0.0.1
    Just use technitium utility which can be downloaded to make bogus mac addresses.

    You can fake your IP address by going thru an elite proxy.

    No one will have your true details, then, and no way to know they don't have real info, either.

    Don't forget to clean those cookies ;)