Skip to content
/ homographic_spoofing Public

Toolkit to both detect and sanitize homographic spoofing attacks in URLs and Email addresses

License

MIT license
82 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

basecamp/homographic_spoofing

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
.github/workflows
.github/workflows
 
 
bin
bin
 
 
lib
lib
 
 
test
test
 
 
.gitignore
.gitignore
 
 
Gemfile
Gemfile
 
 
Gemfile.lock
Gemfile.lock
 
 
MIT-LICENSE
MIT-LICENSE
 
 
README.md
README.md
 
 
homographic_spoofing.gemspec
homographic_spoofing.gemspec
 
 

Repository files navigation

HomographicSpoofing

Toolkit to both detect and sanitize homographic spoofing attacks in URLs and Email addresses.

Installation

Add this line to your application's Gemfile:

gem "homographic_spoofing"

And then execute:

$ bundle

Or install it yourself as:

$ gem install homographic_spoofing

Configuration

If HomographicSpoofing.logger is set to a Logger instance, the gem will log all the violations found. If you're using Rails, it is automatically configured to use Rails.logger, otheriwse you can set it manually:

HomographicSpoofing.logger = Logger.new("log/homographic_spoofing.log")

Usage

IDN

What is an IDN

Check if an IDN is an homographic spoof

HomographicSpoofing.idn_spoof?("www.basecаmp.com")
# => true, uses cyrillic 'а' instead of latin 'a'
HomographicSpoofing.idn_spoof?("www.basecamp.com")
# => false

Sanitize an IDN

The library can also sanitize an IDN by converting all confusable characters to their punycode representation.

HomographicSpoofing.sanitize_idn("www.basecаmp.com")
# => "www.xn--basecmp-6fg.com"
HomographicSpoofing.sanitize_idn("www.basecamp.com")
# => "www.basecamp.com"

Email addresses

An email address is formed from three main parts:

"Jacopo Beschi" <[email protected]>

  • The domain-part is "basecamp.com"
  • The local-part is "jacopo.beschi"
  • The quoted-string-part is "Jacopo Beschi"

Check if an email_address is an homographic spoof

HomographicSpoofing.email_address_spoof?(%{"Jacopo Beschi" <jacopo.beschi@basecаmp.com>})
# => true, uses cyrillic 'а' instead of latin 'a'

Sanitize an email_address

>> HomographicSpoofing.sanitize_email_address(%{"Jacopo Beschi" <jacopo.beschi@basecаmp.com>})
# => "\"Jacopo Beschi\" <[email protected]>"

Check if an email_address local-part is an homographic spoof

HomographicSpoofing.email_local_spoof?("jacopo.beschi")
# => false

Check if an email_address quoted-string-part is an homographic spoof

HomographicSpoofing.email_name_spoof?("Jacopo Beschi")
# => false

Sanitize an email_address quoted-string-part

HomographicSpoofing.sanitize_email_name("Jacopo Beschi")
# => "Jacopo Beschi"

Development

To experiment, start the console with bin/console. Run the test via bin/test.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/basecamp/homographic_spoofing.

License

The IDN spoof detection algorithms are inspired by Chromium's spoof_check source code.

The gem is available as open source under the terms of the MIT License.

About

Toolkit to both detect and sanitize homographic spoofing attacks in URLs and Email addresses

Topics

homograph-attack

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

82 stars

Watchers

7 watching

Forks

0 forks
Report repository

Releases

2 tags

Packages

No packages published

Languages