A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:
Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Homoglyph Attack Generator and Punycode Converter

Homoglyph Attack Generator

     This app is meant to make it easier to generate homographs based on Homoglyphs than having to search for look-a-like character in Unicode, then coping and pasting. Please use only for legitimate pen-test purposes and user awareness training. I also recommend webapp developers use it to test out possible user impersonation attacks in their code. This is still a work in progress, so please send me suggestions (especially for new Homoglyphs to add). While this tool was designed with making IDNA/Punycode names for putting into DNS to display foreign characters in a browsers URL bar, it can be used for other things. Try ignoring the IDNA/Punycode stuff and just making look alike user names for systems that accept Unicode. I made this tool to easily generate homographs based on homoglyphs in Unicode and to test out how different apps display them. It seems like a lot of modern browsers have gotten better at warning the users of attack, but I'd love to hear experiences about other apps that accept Unicode/Punycode/Internationalized Domain Names, especially webapps.

For more information see my Paper Proposal for "Out of Character: Use of Punycode and Homoglyph Attacks to Obfuscate URLs for Phishing".

1st, type in a name to look like:
2nd, choose homoglyphs to use:

3rd, Output will be something like this:

Output appears here.

4th submit so PHP can generate the IDNA/Punycode:

Unicode URL to give out:
Encoded label to set up in DNS:

Below is phlyLabs original converter if you want to try taking the Homograph back and forth:

Original (Unicode) Punycode (ACE)



PHP code based on examples and libraries from phlyLabs Berlin; part of phlyMail
Also thanks to http://homoglyphs.net for helping me find more glyphs.

CharHomoglyphs
ᅟ ᅠ                     ㅤ
! ! ǃ !
" " ״ ″ "
$ $ $
% % %
& & &
' ' '
( ( ﹝ (
) ) ﹞ )
* * ⁎ *
+ + +
, , ‚ ,
- - ‐ 𐀠񴐠-
. . ٠ ۔ ܁ ܂ ․ ‧ 。 . 。
/ / ̸ ⁄ ∕ ╱ ⫻ ⫽ / ノ
0 0 O o Ο ο О о Օ 𐐠𱠠O o
1 1 I ا 1
2 2 2
3 3 3
4 4 4
5 5 5
6 6 6
7 7 𐐠𱰠7
8 8 Ց 8
9 9 9
CharHomoglyphs
: : ։ ܃ ܄ ∶ ꞉ :
; ; ; ;
< < ‹ <
= = 𐀠񴀠=
> > › >
? ? ?
@ @ @
[ [ [
\ \ \
] ] ]
^ ^ ^
_ _ _
` ` `
a A a À Á Â Ã Ä Å à á â ã ä å ɑ Α α а Ꭺ A a
b B b ß ʙ Β β В Ь Ᏼ ᛒ B b
c C c ϲ Ϲ С с Ꮯ Ⅽ ⅽ 𐐠𺀠C c
d D d Ď ď Đ đ ԁ ժ Ꭰ ḍ Ⅾ ⅾ D d
e E e È É Ê Ë é ê ë Ē ē Ĕ ĕ Ė ė Ę Ě ě Ε Е е Ꭼ E e
f F f Ϝ F f
g G g ɡ ɢ Ԍ ն Ꮐ G g
h H h ʜ Η Н һ Ꮋ H h
i I i l ɩ Ι І і ا Ꭵ ᛁ Ⅰ ⅰ 𐐠𰰠I i
j J j ϳ Ј ј յ Ꭻ J j
k K k Κ κ К Ꮶ ᛕ K K k
CharHomoglyphs
l L l ʟ ι ا Ꮮ Ⅼ ⅼ L l
m M m Μ Ϻ М Ꮇ ᛖ Ⅿ ⅿ M m
n N n ɴ Ν N n
0 0 O o Ο ο О о Օ 𐐠𱠠O o
p P p Ρ ρ Р р Ꮲ P p
q Q q Ⴍ Ⴓ Q q
r R r ʀ Ի Ꮢ ᚱ R r
s S s Ѕ ѕ Տ Ⴝ Ꮪ 𐐠𵠠S s
t T t Τ τ Т Ꭲ T t
u U u μ υ Ա Ս ⋃ U u
v V v ν Ѵ ѵ Ꮩ Ⅴ ⅴ V v
w W w ѡ Ꮃ W w
x X x Χ χ Х х Ⅹ ⅹ X x
y Y y ʏ Υ γ у Ү Y y
z Z z Ζ Ꮓ Z z
{ { {
| | ǀ ا |
} } }
~ ~ ⁓ ~
ß ß ӧ
ä Ä Ӓ
ö Ö Ӧ
Changes:
11/28/2017: Added ḍ as sugested by rockethamster. 3/11/2012: Added option to use 'Right-To-Left Override' (U+202E) so you can do some stupied EXE tricks, and added a linkless output so you can copy & paste your homography without formatting. 3/11/2012: Added ノ for /. 4/3/2012: I found a list of IDN blacklisted characters on Mozilla's site and added them. I also added a table of the homoglyphs I'm using.
3/6/2012: ٠ was also suggested by @Voulnet.
3/5/2012: @Voulnet suggested I add Arabic letter ا. I put it in for l, i, | and 1.

15 most recent posts on Irongeek.com: