A proof-of-concept WebURL domain renderer, using a port of Chromium's IDN spoof-checking logic to protect against confusable domains

Last update: Jul 29, 2022

WebURLSpoofChecking

A proof-of-concept WebURL.Domain renderer which uses a port of Chromium's IDN spoof-checking logic (Overview, Implementation) to protect against confusable domains. It implements most of Chromium's logic, with the exception of:

  • Step 10, which checks single-script labels for whole-script confusables.
  • Step 12, which checks mixed-script labels for a number of known dangerous patterns.
  • Step 13, which checks mixed-script labels which look confusingly similar to a database of top domains.
// Non-spoofs are allowed.
// It doesn't just reject all Unicode 😅

WebURL.Domain("example.com")?.render(.checkedUnicodeString) // ✅ "example.com"
WebURL.Domain("a.أهلا.com")?.render(.checkedUnicodeString)   // ✅ "a.أهلا.com"
WebURL.Domain("你好你好")?.render(.checkedUnicodeString)     // ✅ "你好你好"

// But it does catch some actual spoofs, too.
// These are not the domains they might look like.

WebURL.Domain("раγpal.com")?.render(.checkedUnicodeString) // ✅ "xn--pal-vxc83d5c.com"
WebURL.Domain("аpple.com")?.render(.checkedUnicodeString)  // ✅ "xn--pple-43d.com"
WebURL.Domain("16კ.com")?.render(.checkedUnicodeString)    // ✅ "xn--16-1ik.com"
        
// Sometimes this includes specific rules for particular TLDs,
// such as only allowing "ə" (Latin Schwa, U+0259) in Azerbaijani domains

WebURL.Domain("əpple.com")?.render(.checkedUnicodeString)  // ✅ "xn--pple-u6b.com"
WebURL.Domain("əpple.az")?.render(.checkedUnicodeString)   // ✅ "əpple.az"

GitHub

https://github.com/karwa/swift-url-spoofcheck
You might also like...

CleanArchitecture - Helping project to learn Clean Architecture using iOS (Swift)

Clean Architecture Helping project to learn Clean Architecture using iOS (Swift)

Jun 8, 2022

BowTies - The main purpose of this application is to show how you can perform simple operations using Core Data

BowTies - The main purpose of this application is to show how you can perform simple operations using Core Data

BowTies The main purpose of this application is to show how you can perform simp

Jan 31, 2022

CloudKit, Apple’s remote data storage service, provides a possibility to store app data using users’ iCloud accounts as a back-end storage service.

CloudKit, Apple’s remote data storage service, provides a possibility to store app data using users’ iCloud accounts as a back-end storage service.

CloudKit, Apple’s remote data storage service, provides a possibility to store app data using users’ iCloud accounts as a back-end storage service. He

Jul 18, 2022

Ios-App-ication-Swift - A simple iOS application made in Xcode using Swift

Ios-App-ication-Swift - A simple iOS application made in Xcode using Swift

📱 iPhone Calculator A simple iOS application made in Xcode using Swift. This ap

Feb 2, 2022

OIDCLite implements the basics of getting a token using Apple's ASWebAuthenticationSession

OIDCLite While there are a few good Swift packages for Open ID Connect out there, most are /very/ heavyweight and can get quite complex. For projects

Apr 20, 2022

A Quick macOS app that will check a website's sitemap.xml against a new domain

A Quick macOS app that will check a website's sitemap.xml against a new domain

Migrator Quick and dirty native macOS app that will check a website's sitemap.xml against a new domain. When you're developing your new website and wa

Nov 8, 2021

SwiftUI TextEdit View - A proof-of-concept text edit component in SwiftUI & CoreText.

SwiftUI TextEdit View - A proof-of-concept text edit component in SwiftUI & CoreText.

A proof-of-concept text edit component in SwiftUI & CoreText. No UIKit, No AppKit, no UITextView/NSTextView/UITextField involved.

Dec 23, 2021

A very basic proof-of-concept Swift HTTP server that does not require Foundation

Swift Server Introduction This is very rough and basic HTTP server written in Swift without using Foundation. This is partially based on the Swifter r

Apr 27, 2022

A network extension app to block a user input URI. Meant as a network extension filter proof of concept.

A network extension app to block a user input URI. Meant as a network extension filter proof of concept.

URIBlockNE A network extension app to block a user input URI. Meant as a network extension filter proof of concept. This is just a research effort to

Nov 19, 2021

Proof-of-concept `WKWebview.evaluateJavaScript(...)` replacement for WebSocket-based Javascript execution.

Proof-of-concept `WKWebview.evaluateJavaScript(...)` replacement for WebSocket-based Javascript execution.

Jul 27, 2022

Proof concept of modularized app with SwiftPackages built over MVI + Combine + SwiftUI in a single repo

Proof concept of modularized app with SwiftPackages built over MVI + Combine + SwiftUI in a single repo

PKDex-iOS Proof concept of modularized app with SwiftPackages built over MVI + Combine + SwiftUI in a single repo Introduction This project is a proof

Apr 19, 2022

QR2Pass: a proof of concept for an alternative (passwordless) authentication system to a web server

QR2Pass This is a proof of concept for an alternative (passwordless) authenticat

Jun 9, 2022

A proof of concept of the VIPER architecture

This project contains a proof of concept of the VIPER architecture. For this we are going to make use of the public API tmdb, with which we will implement a search engine, a list and a view detail.

Feb 18, 2022

TCC ClickJacking - A proof of concept for a clickjacking attack on macOS

TCC ClickJacking - A proof of concept for a clickjacking attack on macOS

A proof of concept for a ClickJacking attack on macOS. Why? TCC (Transparency, Consent, and Control) restricts and control applicatio

Aug 3, 2022

Proof of concept app for trying to integrate passkeys and WebAuthn into Vapor

Proof of concept app for trying to integrate passkeys and WebAuthn into Vapor

Vapor Passkey Demo Proof of concept app for trying to integrate passkeys and WebAuthn into Vapor Usage Clone the project, then in Terminal run swift r

Jul 29, 2022

A SwiftUI proof-of-concept, and some sleight-of-hand, which adds rain to a view's background

A SwiftUI proof-of-concept, and some sleight-of-hand, which adds rain to a view's background

Atmos A SwiftUI proof-of-concept, and some sleight-of-hand, which adds rain to a view's background. "Ima use this in my app..." Introducing Metal to S

Aug 8, 2022

The concept won first place in the Design Concept Award contest Season 1 in 2021.

The concept won first place in the Design Concept Award contest Season 1 in 2021.

TallyCounter Developed by Vladyslav Fil as part of the You are launched "Design Concept Award" contest Season #1. Tally Counter Micro-Interaction demo

Jan 15, 2022

The concept took third place in the Design Concept Award contest Season 1 in 2021.

The concept took third place in the Design Concept Award contest Season 1 in 2021.

SpringAnimation Developed by Yurii Sameliuk as part of the You are launched "Design Concept Award" contest Season #1. SpringAnimation demo. Inspired b

Jul 10, 2022

The concept took second place in the Design Concept Award contest Season 1 in 2021.

The concept took second place in the Design Concept Award contest Season 1 in 2021.

SmileRate Developed by Alex Kryvodub as part of the You are launched "Design Concept Award" contest Season #1. SmileRate demo. Inspired by Duy Luong c

Jan 12, 2022
Commands providing shortcuts to common Postgres introspection queries (Swift port of heroku-pg-extras)

Commands providing shortcuts to common Postgres introspection queries (Swift port of heroku-pg-extras)

May 27, 2022
A clicker-like game based on the concept of a Knight abandoned in space
A clicker-like game based on the concept of a Knight abandoned in space

A Knight in Space A clicker-like game based on the concept of a Knight abandoned in space. Team Members Albin Shrestha, Zac Galer, Connor Kite, and Ma

Feb 7, 2022
A sample application showcasing Vapor 4 connecting to an Oracle database using SwiftOracle package.

vapor-oracle A sample application showcasing Vapor 4 connecting to an Oracle database using SwiftOracle package. In this Vapor application, we create

Jun 2, 2022
Shows the issue with swift using an ObjC class which has a property from a swift package.

SwiftObjCSwiftTest Shows the issue with swift using an ObjC class which has a property from a swift package. The Swift class (created as @objc derived

Nov 8, 2021
iForage helps foragers to track and manage foraging spots around them using CloudKit
iForage helps foragers to track and manage foraging spots around them using CloudKit

iForage CloudKit Preface To expand on what I've created here: https://github.com/LynchConnor/iForage, I initially developed the app using Firebase. Th

Jul 14, 2022
A food delivery app using firebase as the database.
A food delivery app using firebase as the database.

FDA-ONE Food Delivery Application is a mobile application that users can use to find the best restaurant around their location and order the meals the

Nov 28, 2021
Implement Student Admission System using SQlite
Implement Student Admission System using SQlite

StudentAdmissionSQLiteApp Implement Student Admission System using SQlite. #Func

Apr 27, 2022
Creating a Todo app using Realm and SwiftUI
Creating a Todo app using Realm and SwiftUI

Realmで作るTodoアプリ note記事「【SwiftUI】Realmを使ってTodoアプリを作る」のソースです。

Jul 20, 2022
Innova CatchKennyGame - The Image Tap Fun Game with keep your scores using Core Database
Innova CatchKennyGame - The Image Tap Fun Game with keep your scores using Core Database

Innova_CatchKennyGame The Image Tap Fun Game with keep your scores using Core Da

Dec 31, 2021
CRRateLimitTester - Simple Clash Royale Rate Limit Tester Written Using HummingBird and Swift

CRRateLimitTester Simple Clash Royale Rate Limit Tester Written Using HummingBir

Jan 16, 2022