Closed julotools closed 1 year ago
In general, TLD authorities disallow mixing of characters coming from different Unicode scripts or maintain their own sets of acceptable characters. There are very few Cyrillic characters that look like Latin ones, and since you can't mix them, the use cases are extremely limited. Are you able to provide a similar example to apple.com (xn--80ak6aa92e.com)?
Examples only with Cyrillic characters :
Perfectly :
Not so bad :
Pretty bad :
Very well. Pull the latest code and test it:
$ ./dnstwist.py --fuzzer cyrillic apple.com
The POC: "аррӏе.com" of homograph attack is not detected by a "dnstwist" on the real website "apple.com".
Some characters are missing in the glyph list of the file: dnstwist.py line: 408 in: self.glyphs = {
ex : "аррӀе" -> "apple" "а" (U+0430) -> a "р" (U+0440) -> p "Ӏ" (U+04C0) -> l "е" (U+0435) -> e
But there are others to add like: "оօᴑᴄсѕгсԀԁց", the detail