How to use ARP spoofing and phishing the internal network with front-end js encryption to log in to the server or network device?
Because of the front-end js encryption, my idea is ARP spoofing phishing, forging a login page of the target device, and canceling ARP spoofing after others log in several times.
In other words, when the browsers of all the machines on the intranet enter the target IP address, my website is visited. I tried it. I built a port 80 website locally (actually the controlled machine), then turned on ARP spoofing, and then used a machine with another IP to access the target IP80 port. The result was that I was visiting the target website. , It’s not that I visited my website.
The target device is intranet, and I don’t know what the visitor’s IP is. Because the IP is entered directly, the DNS spoofing tutorials on the Internet are not applicable, and the DNS spoofing tutorials on the Internet are all used by the target machine to access the external network, but this time the situation is just the opposite.
PS: Another problem is that I only have access to a windows-vista-32-bit server on the intranet, and can only use alandau-arpspoof. I have seen many tutorials that use Kali, but you don’t have a Kali Linux server on the intranet.
![[Image: 6f8141bb439e2a9c.jpg]](https://s3.bmp.ovh/imgs/2021/12/6f8141bb439e2a9c.jpg)
Because of the front-end js encryption, my idea is ARP spoofing phishing, forging a login page of the target device, and canceling ARP spoofing after others log in several times.
In other words, when the browsers of all the machines on the intranet enter the target IP address, my website is visited. I tried it. I built a port 80 website locally (actually the controlled machine), then turned on ARP spoofing, and then used a machine with another IP to access the target IP80 port. The result was that I was visiting the target website. , It’s not that I visited my website.
The target device is intranet, and I don’t know what the visitor’s IP is. Because the IP is entered directly, the DNS spoofing tutorials on the Internet are not applicable, and the DNS spoofing tutorials on the Internet are all used by the target machine to access the external network, but this time the situation is just the opposite.
PS: Another problem is that I only have access to a windows-vista-32-bit server on the intranet, and can only use alandau-arpspoof. I have seen many tutorials that use Kali, but you don’t have a Kali Linux server on the intranet.
![[Image: fa3c84e5ce4e4348.png]](https://s3.bmp.ovh/imgs/2021/12/fa3c84e5ce4e4348.png)