Hello, world! Today we are going to learn about a [phishing](https://en.wikipedia.org/wiki/Phishing) attack called the [IDN Homograph Attack](https://en.wikipedia.org/wiki/IDN_homograph_attack).

What is an [IDN Homograph Attack](https://en.wikipedia.org/wiki/IDN_homograph_attack)?

The internationalized domain name (IDN) homograph attack is a way a malicious party may deceive computer users about what remote system they are communicating with, by exploiting the fact that many different characters look alike (i.e., they are homographs, hence the term for the attack).

To explain that to you guys, I am going to open the `character map` application. The `character map` application comes with a lot of [Unicode](https://en.wikipedia.org/wiki/Unicode) characters, most of which cannot be typed from the keyboard. Most of us think that the characters on the keyboard are the only ones we have, but if you take a look at the `character map` you can see a lot of [Unicode](https://en.wikipedia.org/wiki/Unicode) characters that belong to other languages and symbol sets.
In this particular attack, we are going to use these Unicode characters to construct a [phishing](https://en.wikipedia.org/wiki/Phishing) `URL` and see if that domain is available to purchase. For example, click the following `URL` and see what appears in the browser `URL` bar.

http://fаϲеbооk.com

If you don't believe it, try copying and pasting the URL.

# Using EvilURL Tool

We can construct a URL by searching for every single matching character, or we can write a script that replaces the normal characters in the domain with Unicode characters. But why bother when there is a tool available for it? [EvilURL](https://github.com/UndeadSec/EvilURL) is an `open source` tool available on [GitHub](https://github.com). Go ahead and clone it or download it to your computer.

**Requirements**

* Python 3 or greater

I am going to generate an [EvilURL](https://github.com/UndeadSec/EvilURL) for [facebook.com](https://facebook.com).
Choose `Generate evil urls`, then press Enter.
> Insert name: facebook
>Insert level domain: .com
You will see the following output. It generated a list of Unicode URLs that look like [facebook.com](https://facebook.com).

Now you can copy those and see if those URLs are available for purchase; most of the time they will be. I searched for [fаσеbооk.com](http://fаσеbооk.com) on [namecheap.com](http://namecheap.com), and the result was successful.
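
Seen from the defender's side, look-alike hostnames like these can be flagged before anyone clicks them. The Python sketch below is an added example (not part of the original post and not EvilURL code): it converts each label to its `xn--` Punycode form and reports labels that mix scripts. Deriving the script from the Unicode character name is a simplifying assumption, and the sample hostnames are constructed.

```python
import unicodedata

# Constructed samples: plain ASCII, Latin with one Cyrillic "а" (U+0430),
# and a legitimate single-script IDN.
SAMPLES = ["facebook.com", "f\u0430cebook.com", "b\u00fccher.example"]


def char_script(ch):
    """Approximate script of a character from the first word of its Unicode name.

    Heuristic only; a production check would use the Unicode Script property
    and the UTS #39 confusables data.
    """
    if ch.isascii():
        return "LATIN" if ch.isalpha() else "COMMON"  # digits, hyphen
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]


def to_punycode(host):
    """Return the ASCII form of a hostname, label by label (xn-- prefix for IDN labels)."""
    out = []
    for label in host.lower().split("."):
        if label.isascii():
            out.append(label)
        else:
            out.append("xn--" + label.encode("punycode").decode("ascii"))
    return ".".join(out)


def classify(host):
    """Return 'ascii', 'idn-single-script' or 'mixed-script' for a hostname."""
    verdict = "ascii"
    for label in host.lower().split("."):
        scripts = {char_script(c) for c in label} - {"COMMON"}
        if len(scripts) > 1:
            return "mixed-script"  # e.g. Latin and Cyrillic in one label
        if not label.isascii():
            verdict = "idn-single-script"  # may be legitimate; review manually
    return verdict


if __name__ == "__main__":
    for host in SAMPLES:
        print(f"{host!r:28} {to_punycode(host):28} {classify(host)}")
```

A label written entirely in one non-Latin script is not reported as mixed, so the `idn-single-script` results still need a comparison against the brand names you care about.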
That's it, guys. If you have any queries, do not hesitate to leave a comment or message me on Facebook.

# Demonstration