Search Irongeek.com:

Affiliates:







Help Irongeek.com pay for bandwidth and research equipment:





Homoglyph Attack Generator and Punycode Converter Homoglyph Attack Generator This app is meant to make it easier to generate homographs based on Homoglyphs than having to search for look-a-like character in Unicode, then coping and pasting. Please use only for legitimate pen-test purposes and user awareness training. I also recommend webapp developers use it to test out possible user impersonation attacks in their code. This is still a work in progress, so please send me suggestions (especially for new Homoglyphs to add). While this tool was designed with making IDNA/Punycode names for putting into DNS to display foreign characters in a browsers URL bar, it can be used for other things. Try ignoring the IDNA/Punycode stuff and just making look alike user names for systems that accept Unicode. I made this tool to easily generate homographs based on homoglyphs in Unicode and to test out how different apps display them. It seems like a lot of modern browsers have gotten better at warning the users of attack, but I'd love to hear experiences about other apps that accept Unicode/Punycode/Internationalized Domain Names, especially webapps. This app is meant to make it easier to generate homographs based on Homoglyphs than having to search for look-a-like character in Unicode, then coping and pasting. Please use only for legitimate pen-test purposes and user awareness training. I also recommend webapp developers use it to test out possible user impersonation attacks in their code. This is still a work in progress, so please send me suggestions (especially for new Homoglyphs to add). While this tool was designed with making IDNA/Punycode names for putting into DNS to display foreign characters in a browsers URL bar, it can be used for other things. Try ignoring the IDNA/Punycode stuff and just making look alike user names for systems that accept Unicode. I made this tool to easily generate homographs based on homoglyphs in Unicode and to test out how different apps display them. It seems like a lot of modern browsers have gotten better at warning the users of attack, but I'd love to hear experiences about other apps that accept Unicode/Punycode/Internationalized Domain Names, especially webapps. For more information see my Paper Proposal for "Out of Character: Use of Punycode and Homoglyph Attacks to Obfuscate URLs for Phishing". 1st, type in a name to look like: 2nd, choose homoglyphs to use: 3rd, Output will be something like this: Output appears here. 4th submit so PHP can generate the IDNA/Punycode:

Unicode URL to give out:

Encoded label to set up in DNS: Below is phlyLabs original converter if you want to try taking the Homograph back and forth: Original (Unicode) Punycode (ACE)

IDNA 2003 IDNA 2008



PHP code based on examples and libraries from phlyLabs Berlin; part of phlyMail

Also thanks to http://homoglyphs.net for helping me find more glyphs.

Char Homoglyphs ᅟ ᅠ ㅤ ! ! ǃ ！ " " ״ ″ ＂ $ $ ＄ % % ％ & & ＆ ' ' ＇ ( ( ﹝ （ ) ) ﹞ ） * * ⁎ ＊ + + ＋ , , ‚ ， - - ‐ 𐀠񴐠－ . . ٠ ۔ ܁ ܂ ․ ‧ 。 ． ｡ / / ̸ ⁄ ∕ ╱ ⫻ ⫽ ／ ﾉ 0 0 O o Ο ο О о Օ 𐐠𱠠Ｏ ｏ 1 1 I ا １ 2 2 ２ 3 3 ３ 4 4 ４ 5 5 ５ 6 6 ６ 7 7 𐐠𱰠７ 8 8 Ց ８ 9 9 ９ Char Homoglyphs : : ։ ܃ ܄ ∶ ꞉ ： ; ; ; ； < < ‹ ＜ = = 𐀠񴀠＝ > > › ＞ ? ? ？ @ @ ＠ [ [ ［ \ \ ＼ ] ] ］ ^ ^ ＾ _ _ ＿ ` ` ｀ a A a À Á Â Ã Ä Å à á â ã ä å ɑ Α α а Ꭺ Ａ ａ b B b ß ʙ Β β В Ь Ᏼ ᛒ Ｂ ｂ c C c ϲ Ϲ С с Ꮯ Ⅽ ⅽ 𐐠𺀠Ｃ ｃ d D d Ď ď Đ đ ԁ ժ Ꭰ ḍ Ⅾ ⅾ Ｄ ｄ e E e È É Ê Ë é ê ë Ē ē Ĕ ĕ Ė ė Ę Ě ě Ε Е е Ꭼ Ｅ ｅ f F f Ϝ Ｆ ｆ g G g ɡ ɢ Ԍ ն Ꮐ Ｇ ｇ h H h ʜ Η Н һ Ꮋ Ｈ ｈ i I i l ɩ Ι І і ا Ꭵ ᛁ Ⅰ ⅰ 𐐠𰰠Ｉ ｉ j J j ϳ Ј ј յ Ꭻ Ｊ ｊ k K k Κ κ К Ꮶ ᛕ K Ｋ ｋ Char Homoglyphs l L l ʟ ι ا Ꮮ Ⅼ ⅼ Ｌ ｌ m M m Μ Ϻ М Ꮇ ᛖ Ⅿ ⅿ Ｍ ｍ n N n ɴ Ν Ｎ ｎ 0 0 O o Ο ο О о Օ 𐐠𱠠Ｏ ｏ p P p Ρ ρ Р р Ꮲ Ｐ ｐ q Q q Ⴍ Ⴓ Ｑ ｑ r R r ʀ Ի Ꮢ ᚱ Ｒ ｒ s S s Ѕ ѕ Տ Ⴝ Ꮪ 𐐠𵠠Ｓ ｓ t T t Τ τ Т Ꭲ Ｔ ｔ u U u μ υ Ա Ս ⋃ Ｕ ｕ v V v ν Ѵ ѵ Ꮩ Ⅴ ⅴ Ｖ ｖ w W w ѡ Ꮃ Ｗ ｗ x X x Χ χ Х х Ⅹ ⅹ Ｘ ｘ y Y y ʏ Υ γ у Ү Ｙ ｙ z Z z Ζ Ꮓ Ｚ ｚ { { ｛ | | ǀ ا ｜ } } ｝ ~ ~ ⁓ ～ ß ß ӧ ä Ä Ӓ ö Ö Ӧ Changes:

11/28/2017: Added ḍ as sugested by rockethamster. 3/11/2012: Added option to use 'Right-To-Left Override' (U+202E) so you can do some stupied EXE tricks, and added a linkless output so you can copy & paste your homography without formatting. 3/11/2012: Added ﾉ for /. 4/3/2012: I found a list of IDN blacklisted characters on Mozilla's site and added them. I also added a table of the homoglyphs I'm using.

3/6/2012: ٠ was also suggested by @Voulnet.

3/5/2012: @Voulnet suggested I add Arabic letter ا. I put it in for l, i, | and 1. 15 most recent posts on Irongeek.com:

