Punycode Alert is a GPLv3 Google Chrome, Chromium, Opera extension that warns users when the URL they are accessing has some Punycode content to prevent them from being cheated and redirected to a different URL. Its source code can be found in https://github.com/i3visio/punycode-alert.
Punycode is a way of representing Unicode characters using only the limited character subset of ASCII supported by the Domain Name System. Think about the following examples: "españa.tld", that has a non-ASCII character ('ñ') is translated into "xn--espaa-rta.tld" for browsers whose default language is not Spanish, but this is not happening for users using them.
Thus, users may find useful to get advised when these URL addresses provided to them contain some characters may look the same but may be encoding letters from different alphabets.
Think about another one such as "hack.tld" and "haсk.tld". Do they look the same, right? However, the first one is linking to the URL you now, while the second one contains the non-ASCII character 'с' which is taken from the Cyrilic alphabet. The real domain would be internally coded as "xn--hak-5ed.tld". Try it!
Do you see the applications that this have on phishing use cases? You can use Punycode Alert as another barrier to protect yourself and, of course, improve it and share it as this is GPL software.
谷歌浏览器、其他Chromium内核的浏览器
为打击盗链困扰,本站已启用人机验证
微信扫码关注左侧公众号,发送“插件”二字获得验证码,验证码5分钟全站有效