Homograph IDN Based
Internationalized Domain Name Homograph Attack
Overview of the Vulnerability
An Internationalized Domain Name (IDN) homograph attack is a type of typosquatting attack that spoofs a known domain name by substituting homoglyphs: characters, usually from another script, that look like the actual letters. Through this type of attack, users are often socially engineered into performing an action because of the inherent trust they place in the business and its brand.
A successful IDN homograph attack allows an attacker to lure users to a malicious website and, trading on the trust attached to the credible domain name, phish them for their credentials.
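As an added illustration of the technique described above (this is example code, not part of the original template), the script below shows how a defender can triage a hostname seen in logs, certificate transparency data or a report: it decodes the Punycode (ACE, "xn--") form back to Unicode with the standard-library IDNA codec, flags a label that mixes scripts, and collapses a small, constructed subset of Unicode's confusables table to check whether the name imitates a protected domain. The confusables table, the protected-domain list and the sample hostnames are all assumptions constructed for the example.

```python
import unicodedata

# Constructed look-alike table (a small subset of Unicode's confusables list,
# included here for illustration): non-Latin letter -> Latin letter it resembles.
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0455": "s",  # CYRILLIC SMALL LETTER DZE
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u0458": "j",  # CYRILLIC SMALL LETTER JE
    "\u04bb": "h",  # CYRILLIC SMALL LETTER SHHA
    "\u03b1": "a",  # GREEK SMALL LETTER ALPHA
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
}

# Constructed list of brand domains the defender wants to protect.
PROTECTED = {"example.com", "login.example.com"}


def to_unicode(hostname: str) -> str:
    """Return the Unicode (U-label) form of a hostname.

    Hostnames in logs, certificates and DNS data are usually in ACE form
    ("xn--..."); the standard-library IDNA codec decodes the Punycode labels.
    A hostname that is already Unicode, or that fails to decode, is returned as is.
    """
    try:
        return hostname.encode("ascii").decode("idna")
    except UnicodeError:
        return hostname


def to_ascii(hostname: str) -> str:
    """Return the ACE (A-label, "xn--...") form of a Unicode hostname."""
    return hostname.encode("idna").decode("ascii")


def scripts_in_label(label: str) -> set:
    """Collect the script names of the letters in one DNS label.

    The first word of each character's Unicode name (LATIN, CYRILLIC, GREEK, ...)
    is used as its script; digits and the hyphen are legal in any script and are
    therefore ignored.
    """
    scripts = set()
    for ch in label:
        if ch in "0123456789-":
            continue
        scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts


def skeleton(hostname: str) -> str:
    """Replace every known confusable with the Latin letter it imitates."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in hostname)


def analyse(hostname: str, protected=PROTECTED) -> dict:
    """Flag a hostname that mixes scripts within a label or collapses to a protected name."""
    uhost = to_unicode(hostname).lower()
    findings = []
    for label in uhost.split("."):
        scripts = scripts_in_label(label)
        if len(scripts) > 1:
            findings.append(f"label {label!r} mixes scripts {sorted(scripts)}")
    collapsed = skeleton(uhost)
    if collapsed != uhost and collapsed in protected:
        findings.append(f"looks like protected domain {collapsed!r}")
    return {
        "unicode": uhost,
        "ascii": to_ascii(uhost),
        "suspicious": bool(findings),
        "findings": findings,
    }


if __name__ == "__main__":
    # Constructed samples: a homograph of example.com whose first letter is
    # CYRILLIC SMALL LETTER IE, the genuine domain, and an all-Cyrillic domain
    # that is legitimate (single script, no protected look-alike).
    samples = (
        to_ascii("\u0435xample.com"),
        "example.com",
        "\u043f\u0440\u0438\u043c\u0435\u0440.\u0440\u0444",
    )
    for host in samples:
        result = analyse(host)
        verdict = "SUSPICIOUS" if result["suspicious"] else "ok"
        print(f"{host} -> {result['unicode']}: {verdict} {result['findings']}")
```

The mixed-script check mirrors what mainstream browsers do before deciding whether to display a label in Unicode or fall back to its "xn--" form; the skeleton comparison is the cheaper, brand-specific check a registrar-monitoring or phishing-triage job would run. A single-script non-Latin domain passes both checks, which keeps the rule from flagging every IDN as malicious.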
Business Impact
This vulnerability can lead to reputational damage and indirect financial loss to the company through the loss of customer trust.
Steps to Reproduce
1. Enable an HTTP interception proxy, such as Burp Suite or OWASP ZAP.
2. Use a browser to navigate to: {{URL}}
3. Perform {{action}} and capture the request in the HTTP interception proxy.
4. Insert {{payload}} in {{parameter}} and forward or replay the following request to the endpoint:
{{request}}
Proof of Concept (PoC)
The screenshot(s) below demonstrate the IDN homograph attack:
{{screenshot}}
Recommendation(s)
There is no single technique to protect against content spoofing. However, the following best practices should be adhered to:
- Validate all input data, including data that is reflected from a request parameter.
- Refrain from passing HTML data via request parameters. If there is no other way, properly encode the HTML before passing it through a request parameter.
- Refrain from displaying messages via request parameters; it is best practice to use temporary sessions instead.
For more information, please see: