elceef/dnstwist

Homograph detection mistake

julotools opened this issue · 3 comments

The homograph attack PoC "аррӏе.com" is not detected by dnstwist when it is run against the real website "apple.com".

Some characters are missing from the glyph list in the file dnstwist.py, line 408, in: self.glyphs = {

Example: "аррӀе" -> "apple"
"а" (U+0430) -> a
"р" (U+0440) -> p
"Ӏ" (U+04C0) -> l
"е" (U+0435) -> e

But there are others to add like: "оօᴑᴄсѕгсԀԁց", the detail

In general, TLD authorities disallow mixing of characters coming from different Unicode scripts or maintain their own sets of acceptable characters. There are very few Cyrillic characters that look like Latin ones, and since you can't mix them, the use cases are extremely limited. Are you able to provide a similar example to apple.com (xn--80ak6aa92e.com)?

Examples with only Cyrillic characters:

Perfectly:

  • уаһоо
  • раураӏ
  • аоӏ
  • аха
  • ӏсӏ

Not so bad:

  • еьау
  • ӏіѵе
  • ѕкуре
  • ԍоԍԍӏе
  • тікток
  • ԝікіреԁіа
  • маіӏ
  • геԁԁіт

Pretty bad:

  • тԝіттєг or тԝіттєя
  • ьаіԁц
  • ԝаӏмагт

Very well. Pull the latest code and test it:

$ ./dnstwist.py --fuzzer cyrillic apple.com
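
The check this thread is about, as an added example (not code from the thread or from dnstwist): it decodes an xn-- label, maps Cyrillic look-alikes to Latin, and separates whole-script homographs from mixed-script ones. The CONFUSABLES table, the BRANDS set and all function names are assumptions made for illustration.

```python
import unicodedata

# Cyrillic -> Latin look-alikes. The first five pairs are spelled out in the
# issue; the rest are inferred from its "Perfectly" examples. Illustrative
# table only (an assumption), not dnstwist's glyph dictionary.
CONFUSABLES = {
    "\u0430": "a", "\u0440": "p", "\u04c0": "l", "\u04cf": "l", "\u0435": "e",
    "\u0443": "y", "\u04bb": "h", "\u043e": "o", "\u0445": "x", "\u0441": "c",
}
BRANDS = {"apple", "yahoo", "paypal"}  # constructed watch list

def to_unicode(label):
    """Decode an xn-- (punycode) label; pass anything else through."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def scripts(label):
    """Scripts used by the letters of a label, judged by Unicode names."""
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0]
            for ch in label if ch.isalpha()}

def skeleton(label):
    """Replace every known look-alike with the Latin letter it imitates."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in label.lower())

def classify(domain, brands=BRANDS):
    """Return (verdict, brand) for the leftmost label of `domain`."""
    label = to_unicode(domain.split(".")[0]).lower()
    if label in brands:
        return ("exact", label)
    skel, used = skeleton(label), scripts(label)
    if skel in brands and used == {"CYRILLIC"}:
        # Single script, so a registry's no-mixing rule does not stop it.
        return ("whole-script-homograph", skel)
    if skel in brands and len(used) > 1:
        return ("mixed-script-homograph", skel)
    return ("no-match", None)

if __name__ == "__main__":
    for d in ("xn--80ak6aa92e.com", "\u0430pple.com", "example.com"):
        print(d, classify(d))
```
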