IDN Homograph Attack – Exploitation in Phishing
First things first: What are homographs?Here’s a simple example … for the coders here. There’s a prank in which you change the semicolon in the code of a friend to a Greek question mark: see hereActually the “;” and
Back on topic!Phishing is always considered primitive as usually, the attack scenarios are not that revolutionary to be treated as critical, whereas they actually are. What will we need for this tutorial?–> just few bucks to rent a domain name and hosting..–> create a fake page : a clone of the website which is used to collect wanted dataFirst, we need to choose a website the victim whose private date we need … Let’s say Blockchain.info. We decide to replace a and b with letters from the Cyrillic alphabet: Вlockchаin.infoSecond, we need to know that browsers tend to convert Puny code in URLs to regular text. What is puny code? It's nothing but a way to represent non-Latin symbols. Let’s convert our fake domain name to Punycode Вlockchаin.info becomes xn--lockchin-66gn.info using this tool.Third, we buy that domain from let’s say NameCheap or Hostgator and host it anywhere then upload our fake page. Finally, an attacker has the choice of targeting a single target crafting an SE attack or massive targeting using Spear phishing.
What’s going to happen ?
- The victim will visit the URL , either from a spoofed e-mail / sms (we will cover email and sms spoofing in upcoming articles) or from you directly .
- The victim’s browser most likely will convert the punycode to regular URL : xn--lockchin-66gn.info becomes Blockchain.info
- As the URL is similar to the original website , they won’t recognize the difference and submit their data !!
Firefox, Chrome, and Opera browsers are vulnerable to the homograph attack, whereas the latest Chrome will contain a fix for this issue. Within Firefox the support for Punycode can be disabled by navigating to about:config and disabling “network.IDN_show_punycode”.Or you can use this Chrome extension to detect Punycode:
I hope this article was helpful and that you learned something new. Brought to you by Jawady Muhammad Habib and my blog http://s3curi7y.tn/