-
Notifications
You must be signed in to change notification settings - Fork 2
/
main.html
44 lines (35 loc) · 1.6 KB
/
main.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
<!DOCTYPE html>
<html>
<head>
<meta name="viewport"><!-- When showing as a tab in fennec, scale to full size (150px + 320px) -->
<meta charset="utf-8">
<title>Punycode alerter</title>
<style type="text/css">
body {
width: 300px;
}
</style>
</head>
<body>
<h3>Punycode Alerter</h3>
<h4>What is punycode?</h4>
<p>Punycode is a way of representing URLs that allows more characters than ASCII.</p>
<h4>Why is this a problem?</h4>
<p>An attacker can use punycode to register a domain that looks like an official one. In a browser's URL field,
<code>https://www.xn--80ak6aa92e.com</code> looks just like <code>https://www.apple.com</code>. Users can misled
into entering their credentials on this fake website.</p>
<p>More information:</p>
<ul>
<li><a href="https://www.wordfence.com/blog/2017/04/chrome-firefox-unicode-phishing/" >Technical details</a></li>
<li><a href="https://www.theregister.co.uk/2017/04/18/homograph_attack_again/" >Media</a></li>
<li><a href="https://www.chromium.org/developers/design-documents/idn-in-google-chrome" >How Chromium (Chrome) handles it</a></li>
</ul>
<p>Author: <a href="http://github.com/yabirgb">Yábir Garcia</a>. Thanks to <a href="https://github.com/midopa">@midopa</a></p>
<p>Icon by <a href="http://www.flaticon.com/authors/madebyoliver">Madebyoliver</a></p>
<p>This extension can be found at
<a href="https://github.com/yabirgb/punycodeAlert">Github</a> under MIT license.
If you liked it and want to help, you can donate Bitcoins: 1Gdc7hdsQqCWfgcjhWdM2oxpgvvZ7vCN5D
</p>
<script src="lib/main.js"></script>
</body>
</html>