By: Shaquib Izhar
January 27, 2018
Advanced Phishing with IDN Homograph Attack

What is an IDN Homograph Attack?
An IDN homograph attack is a technique for spoofing a domain name by replacing characters with similar-looking Unicode characters. For example: http://ĝoogle.com (ĝ, not g), http://ḃing.com (ḃ, not b), http://asĸ.com (ĸ, not k).
Steps for the Attack
- Clone the following GitHub repository: https://github.com/UndeadSec/EvilURL.git
- Move to your EvilURL directory and type "python evilurl.py"
- In the "Insert name" option, enter your target site name (for example, I am going to use Google), and in the domain level option enter the domain level you want to spoof (I am choosing .com)
- Now we have our homograph URL
So first I will choose a Unicode URL, paste it into my browser, and see what happens.
As you can see, when I paste it into the browser it is converted to Punycode, which is an encoding method for converting Unicode characters to ASCII.
You can now use any of these spoofed URLs for a phishing attack by registering them.
You can mitigate these attacks by using Punycode and by being extra careful when clicking a URL.
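The Punycode conversion and the lookalike check described above can be automated on the defensive side, for example in a mail filter or proxy. The following is an added example, not part of the original post or of EvilURL; the function names, the `PROTECTED` list and the `EXTRA_CONFUSABLES` map are assumptions made for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed list of domains to protect (an assumption of this example).
PROTECTED = {"google.com", "bing.com", "ask.com"}
# Lookalikes that have no Unicode decomposition. Constructed, tiny map; a real
# deployment would load the Unicode confusables data (UTS #39) instead.
EXTRA_CONFUSABLES = {"ĸ": "k"}


def to_unicode_host(url):
    """Extract the hostname and decode any xn-- (Punycode) labels."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode, or not valid Punycode: analyse as-is


def to_punycode_host(host):
    """ASCII (Punycode) form of the hostname, as a browser would display it."""
    return host.encode("idna").decode("ascii")


def skeleton(host):
    """Fold accented and lookalike letters to their plain ASCII base letter."""
    folded = []
    for ch in unicodedata.normalize("NFKD", host):
        if unicodedata.combining(ch):
            continue  # drop the accent that NFKD split off (ĝ -> g)
        folded.append(EXTRA_CONFUSABLES.get(ch, ch))
    return "".join(folded).lower()


def check_url(url):
    """Report non-ASCII characters and the protected domain being imitated."""
    host = to_unicode_host(url)
    odd = [(ch, unicodedata.name(ch, "UNKNOWN")) for ch in host if ord(ch) > 127]
    skel = skeleton(host)
    return {
        "host": host,
        "punycode": to_punycode_host(host),
        "non_ascii": odd,
        "imitates": skel if odd and skel in PROTECTED else None,
    }


if __name__ == "__main__":
    for sample in ("http://ĝoogle.com", "http://ḃing.com", "http://asĸ.com", "http://google.com"):
        print(check_url(sample))
```

A non-empty `imitates` field means the hostname contains non-ASCII characters and folds to one of the protected domains, so the link should be blocked or shown to the user in its `punycode` form.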