Fractional Slash Domains
@SighSec and I recently discovered there are more types of homograph symbols you are allowed to use when registering an IDN (Internationalised Domain Name) than expected. These symbols could potentially be used to trick unwary users into following malicious links by making a domain appear as though it were referencing a local file or one on a mapped drive.

Background on IDNs

IDN homograph attacks most recently entered mainstream news back in Q2 2017. It was shown that domains could be registered using regular ASCII characters alongside characters from other languages, a feature used to support domain names for countries with different character sets. This presented an issue, as it meant that domains could be registered and characters could be swapped out for their doppelgangers (homographs), allowing anyone to register xn--80ak6aa92e.com, which when converted almost certainly looks like apple.com! This becomes particularly dangerous when using ASCII characters with diacritics an...
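
A defender-side check for the hostnames described above, as an added example that is not code from the original post: it decodes each `xn--` label with Python's built-in punycode codec and flags symbols, unexpected scripts and mixed scripts. The function names, the `expected_scripts` default, the name-based script heuristic and the two `.test` hosts are assumptions of this example; only `xn--80ak6aa92e.com` comes from the post.

```python
import unicodedata

def decode_label(label):
    """Return the Unicode form of one DNS label; A-labels carry the xn-- prefix."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def inspect_host(host, expected_scripts=frozenset({"LATIN"})):
    """Decode every label of host and flag what a reviewer should look at.

    expected_scripts is an assumption of this example: the scripts your
    organisation normally sees in hostnames.
    """
    report = []
    for label in host.split("."):
        try:
            text = decode_label(label)
        except UnicodeError:
            report.append({"label": label, "unicode": None, "scripts": [],
                           "symbols": [], "flags": ["invalid-punycode"]})
            continue
        scripts, symbols = set(), []
        for ch in text:
            category = unicodedata.category(ch)
            name = unicodedata.name(ch, "UNNAMED")
            if category.startswith("L"):
                # Heuristic: the first word of the Unicode name is the script.
                scripts.add(name.split()[0])
            elif category[0] not in "MN" and ch != "-":
                # Anything that is not a letter, mark, digit or hyphen.
                symbols.append(f"U+{ord(ch):04X} {name}")
        flags = []
        if symbols:
            flags.append("symbol")
        if scripts - expected_scripts:
            flags.append("unexpected-script")
        if len(scripts) > 1:
            flags.append("mixed-script")
        report.append({"label": label, "unicode": text, "scripts": sorted(scripts),
                       "symbols": symbols, "flags": flags})
    return report

if __name__ == "__main__":
    # First host is the one quoted above; the other two are constructed samples.
    for host in ("xn--80ak6aa92e.com", "ex\u0430mple.test", "c\u2044docs.test"):
        for entry in inspect_host(host):
            print(host, entry)
```

The `unexpected-script` flag is a review signal rather than a verdict, since a label written entirely in one non-Latin script is also what a legitimate IDN looks like.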