Monday, March 2, 2015

IDN Homograph Attack (Undetectable Phishing URL)


Phishing pages are detected by many websites and antiviruses. So the phishing attacks are almost over. Here i got some great information about "Undetectable Phishing pages". I will not show you the actual phishing attack by IDN Homograph Attack. I will show you an example for this and it is same as you can use in your Phishing URL.


How attackers can trick users into clicking on links which appear to be genuine but lead to malware or phishing sites etc. I mentioned that one method used would be to replace characters of the genuine URL with characters from other language sets (Russian languages for example) which look the same as the English characters in the browser. In short the attacker can perform a homograph attack.


Internationalized Domain Name(IDN) homograph attack. This kind of spoofing attack is also known as script spoofing. For example, a person frequenting citybank.com may be lured to click a link in which the Latin "C" is replaced with the Russian "С".


Some time you make phishing page, But problem is the link of that phishing page, Due to that link it is possible to detect phishing page by target. Here i will show you how to change the alphabet that looks like english but it is not.


Here i will search my name "urvish sandanshiv" in the normal Google search engine and see what result i got.


The search result i got is 138

And now see the magic what happens with the result same name i search in the Google.

There is no result for my name. So what Google is unable to seach me. Search engines are stronger than me and intelligent too but i fooled them. What i did i just replaced the  English character "a"  to Russian "a" from my name it looks like same but it is different. And see the result what it happened. The same thing you can do in Phishing URLS. Replace the English characters with Russian  character while making Phishing URLS.

Original   ;- urvish sandanshiv
Duplicate :- urvish sаndаnshiv

You can not identify this thing so as the search engines.

Now the trick i will show you how to do this. And this can be use in making Phishing URL also. Just open this link Russian character set. You will see some of the letters that are same in English and in Russian but the meaning and pronunciation are different than English. You can make Undetectable phising URL with the help of this.


REFERENCE

en.wikipedia.org

www.securityninja.co.uk/




 Terms & Warning:

Use this script for educational purposes only and for your self knowledge.
Pro Hack Tricks Blog Team, its Author, Admin cannot be held responsible for any legal action or other action taken against you if you use this script illegally. Use at your own risk. But remember no one is untraceable.


No comments:

Post a Comment