Homograph attack on domains with K

 An internationalized domain name (IDN) homograph attack is a way for a third party to confuse users by exploiting the fact that many characters look alike. For example, the URLs "https://bank.com" and "https://bаnk.com" look the same, but the first contains the Latin "a" and the second the Cyrillic "а", which looks like the Latin one. Such characters are called "homoglyphs". You can find more homoglyphs at http://www.irongeek.com/homoglyph-attack-generator.php .

An IDN can be represented either as a Unicode URL or in Punycode.

Basically, you can't register domain names with homoglyphs. Try to register "bаnk.com" and the request will be rejected, because the name contains the Cyrillic "а". IDN registration policy does not allow mixing Latin and Cyrillic letters. More details about the restrictions can be found here and at iana.org.


The IDN Latin table (which lists the code points (letters) permitted for Internationalised Domain Name registrations) contains a very interesting character, "*Kra*". This character looks like this: (Κʻ / ĸ) U+0138. In lower case it is a homoglyph for the Latin "k", and it is allowed in domain name registrations.



For example, I was able to register the following domain: "http://vĸ.com/".


I think this homoglyph character may cause a lot of phishing attacks on users. As a PoC I provide a few screenshots from Twitter and Skype. These links look very similar to the originals and will confuse many users.



The best solution is to remove (Κʻ / ĸ) U+0138 from the table of permitted letters so that such domains cannot be registered.
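A defensive check for the gap described above, as an added example that is not part of the original post: a mixed-script test flags the Cyrillic "а" but passes kra, because U+0138 is itself a Latin-script letter, so the example also folds known homoglyphs and compares the result with a watchlist. The watchlist, the two-entry homoglyph table and the function names are assumptions made for the illustration.

```python
import unicodedata

# Constructed sample table holding only the two homoglyphs named in the post;
# a real check would load a full confusables data set instead.
CONFUSABLES = {"\u0138": "k",   # LATIN SMALL LETTER KRA
               "\u0430": "a"}   # CYRILLIC SMALL LETTER A

def scripts(label):
    """Scripts used in a label, read from the first word of each Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def to_ace(host):
    """ASCII form of a host: Punycode for each non-ASCII label, xn-- prefixed."""
    return ".".join(
        lab if lab.isascii() else "xn--" + lab.encode("punycode").decode("ascii")
        for lab in host.split("."))

def skeleton(host):
    """Replace each known homoglyph with the ASCII letter it imitates."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in host)

def check_host(host, protected):
    """Check one hostname against a watchlist of protected ASCII domains."""
    host = host.lower().rstrip(".")
    skel = skeleton(host)
    return {
        "ace": to_ace(host),
        # The registry-style rule: more than one script inside a single label.
        "mixed_script": any(len(scripts(lab)) > 1 for lab in host.split(".")),
        # The visual rule: folds to a protected name but is not that name.
        "lookalike_of": skel if skel != host and skel in protected else None,
    }

if __name__ == "__main__":
    watchlist = {"vk.com", "bank.com"}          # hypothetical protected names
    for name in ("vk.com", "v\u0138.com", "b\u0430nk.com"):
        print(name, check_host(name, watchlist))
```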

Comments

  1. Cool domain.

    It reminded me of
    http://xakep-archive.ru/xa/125/026/1.htm

    https://ru.scribd.com/doc/160440344/%D0%A5%D0%B0%D0%BA%D0%B5%D1%80-2012-08-163-pdf

    Brought a tear to my eye.

    Replies
    1. Yep, that issue of Хакер is what inspired me, plus I saw a couple of reports on H1 on this topic

  2. But a good solution is not believing a site with the letter k in it.

  3. I appreciate your hard work. Keep posting new updates with us. Thanks for all the useful insights.

    Fully dedicated

