Advance phishing with IDN Homograph Attack


What is IDN Homograph Attack? 
An IDN Homograph Attack is a technique of spoofing a domain name with similar looking character using UNICODE character. For example http://ĝoogle.com -- ĝ not g , http://ḃing.com -- ḃ not b, http://asĸ.com 
 -- ĸ not k 

Steps for the Attack 
  • Clone in to the following github URL : https://github.com/UndeadSec/EvilURL.git 
  • Move to your EvilURL directory and type "python evilurl.py"

  •  In Insert name options insert your target site name for example i am going to use Google ,and in domain level insert what level of domain you want to spoof as i am choosing .com
  •  Now we got our Homograph URL 

Above you can see domain name has been spoof with different characters.In MORE EXTENSIVE URL we can see more character has replaced with Unicode characters, let see what happens if i type this URL in my browser.

So first I will choose a Unicode URL and will paste it to my browser and see what happens


  And now as you can see when i paste to browser it converted to punycode which is a encoding method for converting Unicode character to ASCII.



You can now use any of these spoofed url for a phishing attack by registering them .
You can mitigate them by using punycode and be extra careful by clicking a URL 

Comments

Popular posts from this blog

USB forensic : Find the history of every connected USB device on your computer

Crawling pastebin to find specific pastedump

Hack WinRAR password by using Brute force attack

Fileless malware Analysis with Cuckoo sandbox

Web application penetration testing: Tools and Techniques for web security auditing