Add IDN Homograph Domains to blocklist.yaml #1426
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
You may be asking, why is github.com is being blocklisted? Well, it is not actual github.com, although they are visually similar. Still in doubt? Compare "ɡithub.com" === "github.com" in your browser console, the result will be `false`
glaubermagal
changed the title
glaubermagal
changed the title
glaubermagal
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
You might be wondering why "ɡithub.com" is blocklisted. The answer is: it's not the real github.com, though they look similar. Still unsure? Try comparing "ɡithub.com" === "github.com" in your browser console—you'll see it returns
false.Using domains with mixed scripts for malicious purposes is called
IDN Homograph Attack. It is a very advanced type of attack – and I plan keep adding relevant homograph domains here from now on, so we will help prevent people from being deceived by them.I used a tool I created, EvilURL, to analyze the actual github.com domain. I discovered a concerning issue: some registrars allow domains with mixed character sets, enabling bad actors to create domains that look nearly identical to legitimate ones. And this malicious domain "ɡithub.com" is registered and leading to a malicious website.
Please follow me on github and give a start to my repo. This will help me keeping improving my Cybersecurity tool.