<<< Date Index >>>     <<< Thread Index >>>

Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.



We have tried to play with this trick to see if it is usable for spam or phishing via email. Unfortunately most browsers display the punycoded address in the address bar like you will see if you click the link here:
http://www.ѕimon.com/index2.html

But with a frontpage containing a meta refresh tag with the UTF-8 encoded domain name like this: <META HTTP-EQUIV=Refresh content="0; URL=http://www.&#1109;imon.com/index2.html";>
the address bar will also show the UTF-8 encoded text.

Punycoded address bar:
http://www.ѕimon.com/index2.html

UTF-8 address bar for phishers:
http://www.ѕimon.com/

--
Simon Østengaard
GCUX, LPIC-2
simon@xxxxxxxxxxxxx

and
Mikael Grotrian

 It is a book about a Spanish guy called Manual. You should read it.
       -- Dilbert