IDN Homograph Attack
What is an IDN Homograph Attack?
IDN stands for Internationalized Domain Name. These are domain names that include characters from various languages and scripts, not just the ASCII characters (a-z, 0-9) traditionally used in domain names.
A homograph refers to characters that look alike but are different. Technically, the term homoglyph is more accurate because it denotes characters that look similar across different scripts.
How Does an IDN Homograph Attack Work?
An IDN homograph attack exploits the visual similarity between characters from different scripts to deceive users about the true nature of a domain name.
Example of Homographs
Latin "a" (U+0061)
Cyrillic "а" (U+0430)
These two characters look almost identical but are different from a computer’s perspective.
Script Spoofing
Also known as script spoofing, this attack involves using characters from different scripts to create deceptive domain names. Unicode, the character encoding standard, includes characters from many writing systems. Some characters look similar but have different codes and meanings. For example:
Greek Ο (U+039F)
Latin O (U+004F)
Cyrillic О (U+041E)
IDN
Unicode
Legitimate match
xn--alixpress-d4a.com
aliéxpress.com
aliexpress.com
xn--go0gl-3we.fm
go0glе.fm
google.com
xn--mazon-wqa.com
ámazon.com
amazon.com
Checklist
1. Open the burp collaborator client > Generate Collaborator payload .
2. Go to the sign up page of target.com and create a new account with email- abc@gmail.com.burpcollaboratorpayloadhere
3. Now if the target.com has email confirmation > you will receive the email confirmation link in burp collaborator client > verify the email.
4. Go to password reset page of target.com > enter email as abc@gmáil.com.burpcollaboratorpayloadhere
5. If the target.com is vulnerable then it will send password reset link to the mail- abc@xn — gmil-6na.com.burpcollaboratorpayloadhere and you will receive password reset link in burp collaborator client. Make sure to check in burp collaborator client -received email details: To- abc@xn — gmil-6na.com.burpcollaboratorpayloadhere.
6. Now you can change the password and access the victim’s account.
Change Email to vctim's email but with idn homograph attack
Victim's Email: victim@gmail.com
Attacker's Email: victim@gmáil.com
Tools
Another Resources
Last updated
Was this helpful?