Because of the front-end JS encryption, my idea is ARP spoofing and phishing: forging a login page of the target device.
In other words, when the browsers of all PCs on the intranet input the target IP address, they are visiting my website.
I tried to set up a website on port 80 on the attacker machine, then turned on ARP spoofing, and then used a machine with another IP to access port 80 of the target IP. The result was that I was visiting the target website, not my website, but the traffic does pass through me.
Personally, I guess that another step of forwarding is needed on the attacking machine, which is to forward port 80 of the target machine accessed by others to your own port 80.
PS: The target device is on the intranet, and I don’t know what the visitor’s IP is. Because the IP is entered directly, the DNS spoofing tutorials on the Internet are not applicable; those tutorials all cover the target machine accessing the external network, but this time the situation is just the opposite.