This repository has been archived by the owner on Aug 5, 2023. It is now read-only.
index.html
60 lines (60 loc) · 3.01 KB
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Actually not CaixaBank</title>
<meta name="description" content="Sample site demonstrating how internationalized domain name (IDN) homograph attacks can make phishing more convincing. The domain name behind this site looks like a Spanish bank's, but isn't">
<meta name="keywords" content="idn,internationalized domain name,punycode,caixabank">
<meta name="author" content="John Doe">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<style>
body,html {
min-height: 100vh;
min-width: 100vw;
margin: 0;
font-family: sans-serif;
}
body {
display: inline-flex;
align-items: center;
justify-content: center;
flex-direction: column;
font-size: 1.8em;
padding: 2em;
box-sizing: border-box;
gap: 1em;
}
.hey {
font-size: 1.25em;
font-weight: bold;
}
code {
font-family: monospace;
}
code.letter {
font-size: 1.25em;
font-weight: bold;
}
span {
text-align: center;
}
span.small {
font-size: 0.75rem;
}
</style>
<base target="_blank">
</head>
<body>
<span class="hey">👋 Hey! Were you looking for <a href="https://www.caixabank.com"><code>caixabank.com</code></a>?</span>
<span>Well, then you've been tricked 😜</span>
<span>Check your address bar 👁️👄👁️ Do you see <code>caixabank.com</code>?</span>
<span>Take a closer look at the first <code class="letter">a</code> letter that appears 🔍</span>
<span>It's not actually an <code class="letter">a</code> but an <a href="https://www.unicode.org/charts/nameslist/n_0100.html#:~:text=%C2%A0%C4%85-,LATIN%20SMALL%20LETTER%20A%20WITH%20OGONEK,-%E2%80%A2"><code class="letter">ą</code></a><span class="small"> (an <i>a</i> with an <i><a href="https://en.wikipedia.org/wiki/Ogonek">ogonek</a></i>)</span></span>
<span>A slight visual difference, but a huge difference technically</span>
<span>This domain <code><a href="https://cąixabank.com">cąixabank.com</a></code> and the legit domain <code><a href="https://caixabank.com">caixabank.com</a></code> are <b>completely different domains</b></span>
<span>And <a href="https://davidlj95.com">I</a> own this one to warn you that attackers could use this trick against you</span>
<span>But an attacker could use it in a <a href="https://en.wikipedia.org/wiki/Phishing">phishing attack</a>, displaying a website that looks like the legit one but that sends sensitive data to them</span>
<span>This attack is known as an <a href="https://en.wikipedia.org/wiki/IDN_homograph_attack">IDN homograph attack</a></span>
<a href="http://github.com/davidlj95/idn-homograph-attack-sample"><img src="github.svg" alt="GitHub" width="32"/></a>
</body>
</html>
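
Added example, not part of this repository's code: a defender-side check that classifies a hostname from a URL, mail header or proxy/DNS log as a lookalike of a protected domain, using the page's own pair of names. The `PROTECTED` allowlist and the function names are assumptions made for illustration.

```python
import unicodedata

# Assumed allowlist of domains to protect; only caixabank.com is taken from the page.
PROTECTED = {"caixabank.com"}


def both_forms(hostname):
    """Return (ascii_form, unicode_form) for a hostname given in either form."""
    ascii_form = hostname.strip().rstrip(".").encode("idna").decode("ascii").lower()
    return ascii_form, ascii_form.encode("ascii").decode("idna")


def skeleton(unicode_host):
    """Decompose accented letters (NFKD) and drop combining marks such as the ogonek."""
    decomposed = unicodedata.normalize("NFKD", unicode_host)
    return "".join(ch for ch in decomposed if not unicodedata.combining(ch))


def classify(hostname):
    """Classify a hostname seen in a URL, mail header or proxy/DNS log line."""
    try:
        ascii_form, unicode_form = both_forms(hostname)
    except UnicodeError:
        return {"input": hostname, "verdict": "invalid"}
    result = {"input": hostname, "ascii": ascii_form, "unicode": unicode_form}
    if ascii_form in PROTECTED:
        result["verdict"] = "protected"
    elif skeleton(unicode_form) in PROTECTED:
        # A different registered name that renders almost like a protected one.
        result["verdict"] = "lookalike"
        result["imitates"] = skeleton(unicode_form)
    elif ascii_form != unicode_form:
        # IDN with no match here; cross-script confusables (e.g. Cyrillic letters)
        # do not decompose and need the Unicode confusables data (UTS #39).
        result["verdict"] = "idn-review"
    else:
        result["verdict"] = "ascii-other"
    return result


if __name__ == "__main__":
    # Constructed sample: the two hostnames from the page (U+0105 is the
    # a-with-ogonek) plus an unrelated one.
    for host in ["caixabank.com", "c\u0105ixabank.com", "example.org"]:
        print(classify(host))
```

The check accepts either the form shown in the address bar or the `xn--` form that appears in logs, because both are reduced to the same ASCII and Unicode pair before comparison.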