A lightweight Linux utility to enable MAC address randomization via NetworkManager, reducing the risk of device tracking on WiFi and Ethernet networks.
This tool configures NetworkManager to randomize MAC addresses:
- WiFi scan: Random MAC when scanning for networks
- Connection-level randomization: Ethernet and WiFi connections use random MACs
- Active connection cycling: Installer optionally cycles active connections to apply randomization immediately
- Does not rotate MACs during an active session (NetworkManager controls behavior)
- No custom scripts or services installed
- No per-network or per-connection advanced rotation logic
- No stealth mode or vendor spoofing
- Linux: NetworkManager must be installed (the installer will attempt to install it if missing)
- Python 3: Required for script execution, auto-installed if missing
- Root/Admin: Required to modify network configuration
sudo chmod +x installer.sh
sudo ./installer.sh
- Detect your Linux distribution and package manager
- Install Python3 and NetworkManager if needed
- Create /etc/NetworkManager/conf.d/99-mac-rotator.conf to enable MAC randomization
sudo chmod +x uninstaller.sh
sudo ./uninstaller.sh
- Restore permanent MAC addresses where possible
- Clear NetworkManager cloned-MAC settings
- Remove all installer-created files, logs, and temporary sessions
- Back up removed files to /var/backups/macrotator-<timestamp>/
- Optionally reload NIC drivers to fix interfaces without IPs
Verify MAC Randomization
Check your interface’s MAC address:
ip link show <device>
Cycle your connection to see if a new MAC is applied:
sudo nmcli device disconnect <device>
sudo nmcli device connect <device>
ip link show <device>
MAC not randomizing
- Check NetworkManager settings:
nmcli connection show <UUID> | grep cloned-mac-address
- Check the config file:
cat /etc/NetworkManager/conf.d/99-mac-rotator.conf
- Restart NetworkManager:
sudo systemctl restart NetworkManager
- Ensure NetworkManager is running:
systemctl status NetworkManager
nmcli --version
- If issues persist, cycle network interfaces or reboot.
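The verification steps above (read the MAC, cycle the connection, read it again) can be scripted as follows. This is an added example, not part of the project; it also checks the locally-administered bit, assuming NetworkManager's default random-MAC generation, and the function names are illustrative.

```shell
#!/bin/sh
# Added example (not part of the project). Checks whether a connection cycle
# produced a new, locally administered MAC address.
# Assumption: NetworkManager's default random MACs are locally administered
# unicast addresses (no custom generate-mac-address-mask is configured).

# Succeeds if $1 is six colon-separated hex octets.
is_valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Prints "local" if the locally-administered bit (0x02 in the first octet)
# is set, "universal" for a vendor-assigned address, "invalid" otherwise.
mac_scope() {
    is_valid_mac "$1" || { echo invalid; return 0; }
    first=${1%%:*}
    if [ $(( 0x$first & 2 )) -ne 0 ]; then echo local; else echo universal; fi
}

# Prints "rotated", "unchanged" or "invalid" for a before/after pair.
# The comparison is case-insensitive.
compare_macs() {
    is_valid_mac "$1" && is_valid_mac "$2" || { echo invalid; return 0; }
    a=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    b=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ "$a" = "$b" ]; then echo unchanged; else echo rotated; fi
}

# With an existing device as the only argument: read the MAC, cycle the
# connection, read the MAC again and report. Nothing runs without an argument.
if [ -n "${1:-}" ] && [ -d "/sys/class/net/$1" ]; then
    dev=$1
    before=$(cat "/sys/class/net/$dev/address") || exit 1
    nmcli device disconnect "$dev" && nmcli device connect "$dev" || exit 1
    after=$(cat "/sys/class/net/$dev/address") || exit 1
    echo "before: $before ($(mac_scope "$before"))"
    echo "after:  $after ($(mac_scope "$after"))"
    echo "result: $(compare_macs "$before" "$after")"
fi
```

A result of "unchanged", or an "after" address reported as "universal", points to the troubleshooting steps in this section. The interface drops briefly while the script cycles it.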
- NetworkManager Configuration: The installer writes a configuration file enabling MAC randomization for WiFi and Ethernet.
- Optional Connection Update: Existing connections are updated to apply the random MAC immediately.
- Active Connection Cycling: Active interfaces are briefly disconnected and reconnected so the random MAC is used.
All randomization is handled by NetworkManager, not by custom scripts.
What This Tool Helps With
- Reduces the risk of MAC address tracking across networks
- Makes device fingerprinting via MAC more difficult
It does not protect against:
- Traffic analysis (use VPN or Tor)
- Browser/device fingerprinting
- Hardware-based identifiers (IMEI, serial numbers, etc.)
For stronger privacy, consider combining with:
- VPN or Tor for network traffic encryption
- DNS over HTTPS/TLS
- Browser hardening for fingerprinting protection
- Application sandboxing

- Only NetworkManager-controlled MAC randomization is applied.
- No additional services, scripts, or advanced rotation logic are installed.
- Existing network connections may briefly disconnect during application.
Important — read before using the scripts.
This project, Changeling, and all accompanying code, documentation, and data are provided "AS IS" and WITHOUT WARRANTIES of any kind, either express or implied. To the fullest extent permitted by applicable law, the author(s) DISCLAIM all warranties, including, without limitation, implied warranties of merchantability, fitness for a particular purpose, accuracy, and non-infringement.
Limitation of liability: In no event shall the author(s), contributors, or copyright holders be liable for any direct, indirect, incidental, special, consequential, punitive, or other damages, loss of profits, loss of data, or other losses arising out of or in any way connected with the use of or inability to use this project, whether in contract, tort (including negligence), strict liability, or otherwise, even if advised of the possibility of such damages.
See DISCLAIMER.md. Use at your own risk.
Use freely; no warranty. Always test in your environment before deploying widely.
