Wednesday, 26 October 2011

Can you use an arp poisioning attack to send a target a different webpage than they searched?

can you use an ARP poisoning attack to prank someone by changing the website they want to go to? How would you do it?Can you use an arp poisioning attack to send a target a different webpage than they searched?ARP poisoning involves hijacking a DNS server at some point along the route between the host and the destination and causing it to provide false information. The way DNS servers operate (simplified version here), when you type a URL into your browser, it asks the closest DNS server for the IP address. If that DNS server doesn't know, it asks its neighbor for that information, and if that one doesn't know it asks its neighbor, and so on until eventually a DNS server has the correct IP address. Then it passes that information back down to you, and your browser establishes the HTTP connection with the IP address it recieved from the DNS server.



ARP poisoning involves feeding a DNS server at some point along that chain with a false URL/IP association. Needless to say, hacking a DNS server is no easy feat, and the steps involved are not only illegal (and thus, I will not explain) but highly complicated.



If you're trying to pull a simple prank on your friend, an easier one would be to edit the autocorrect feature in his word processor to change the word %26quot;the%26quot; to %26quot;butthead%26quot; or something. That has the same laugh factor, and doesn't involve breaking any laws.
Can you use an arp poisioning attack to send a target a different webpage than they searched?
No.

Do you have access to their router? If so, you can enter a routing script so that their computer (identified by the private IP address assigned on the router) is sent to a specific web site; however, this would happen every time.

For example, my home, wireless wi-fi router is open, anybody can get on; however, anybody but my private ip address is sent to a specific website.
Can you use an arp poisioning attack to send a target a different webpage than they searched?
Yes, you can.



As for telling you how to do it? No.



I will give you this much of a hint, it would work along the same lines as a man-in-the-middle attack.