Thursday, April 20, 2017

Phishing with Unicode Domains

“Phishing with Unicode Domains” is an interesting phishing attack resurfaced by a security researcher named Xudong Zheng last week.
In this phishing attack, it is impossible to identify whether a site is fraudulent one by just checking the SSL certificate + the URL in the URL bar.

Punycode makes it possible to register domains with foreign characters. It works by converting individual domain label to an alternative format using only ASCII characters. For example, the domain "xn--s7y.co" is equivalent to "短.co".
From a security perspective, Unicode domains can be problematic because many Unicode characters are difficult to distinguish from common ASCII characters. It is possible to register domains such as "xn--pple-43d.com", which is equivalent to "аpple.com". It may not be obvious at first glance, but "аpple.com" uses the Cyrillic "а" (U+0430) rather than the ASCII "a" (U+0041). This is known as a homograph attack.

Original article: https://www.xudongz.com/blog/2017/idn-phishing/
POC: https://www.xn--80ak6aa92e.com/
https://en.wikipedia.org/wiki/IDN_homograph_attack


~~~


1 comment:

Karthika Shree said...

It's interesting that many of the bloggers to helped clarify a few things for me as well as giving.Most of ideas can be nice content.The people to give them a good shake to get your point and across the command.
Java Training in Chennai