What is IDN Homograph Attack?
An IDN Homograph Attack is a technique of spoofing a domain name with similar looking character using UNICODE character. For example http://ĝoogle.com -- ĝ not g , http://ḃing.com -- ḃ not b, http://asĸ.com
-- ĸ not k
Steps for the Attack
- Clone in to the following github URL : https://github.com/UndeadSec/EvilURL.git
- Move to your EvilURL directory and type "python evilurl.py"
- In Insert name options insert your target site name for example i am going to use Google ,and in domain level insert what level of domain you want to spoof as i am choosing .com
- Now we got our Homograph URL
Above you can see domain name has been spoof with different characters.In MORE EXTENSIVE URL we can see more character has replaced with Unicode characters, let see what happens if i type this URL in my browser.
So first I will choose a Unicode URL and will paste it to my browser and see what happens
And now as you can see when i paste to browser it converted to punycode which is a encoding method for converting Unicode character to ASCII.
You can now use any of these spoofed url for a phishing attack by registering them .
You can mitigate them by using punycode and be extra careful by clicking a URL