A proof-of-concept WebURL domain renderer, using a port of Chromium's IDN spoof-checking logic to protect against confusable domains

Overview

WebURLSpoofChecking

A proof-of-concept WebURL.Domain renderer which uses a port of Chromium's IDN spoof-checking logic (Overview, Implementation) to protect against confusable domains. It implements most of Chromium's logic, with the exception of:

  • Step 10, which checks single-script labels for whole-script confusables.
  • Step 12, which checks mixed-script labels for a number of known dangerous patterns.
  • Step 13, which checks mixed-script labels which look confusingly similar to a database of top domains.
// Non-spoofs are allowed.
// It doesn't just reject all Unicode 😅

WebURL.Domain("example.com")?.render(.checkedUnicodeString) // ✅ "example.com"
WebURL.Domain("a.أهلا.com")?.render(.checkedUnicodeString)   // ✅ "a.أهلا.com"
WebURL.Domain("你好你好")?.render(.checkedUnicodeString)     // ✅ "你好你好"

// But it does catch some actual spoofs, too.
// These are not the domains they might look like.

WebURL.Domain("раγpal.com")?.render(.checkedUnicodeString) // ✅ "xn--pal-vxc83d5c.com"
WebURL.Domain("аpple.com")?.render(.checkedUnicodeString)  // ✅ "xn--pple-43d.com"
WebURL.Domain("16კ.com")?.render(.checkedUnicodeString)    // ✅ "xn--16-1ik.com"
        
// Sometimes this includes specific rules for particular TLDs,
// such as only allowing "ə" (Latin Schwa, U+0259) in Azerbaijani domains

WebURL.Domain("əpple.com")?.render(.checkedUnicodeString)  // ✅ "xn--pple-u6b.com"
WebURL.Domain("əpple.az")?.render(.checkedUnicodeString)   // ✅ "əpple.az"
You might also like...
CRRateLimitTester - Simple Clash Royale Rate Limit Tester Written Using HummingBird and Swift

CRRateLimitTester Simple Clash Royale Rate Limit Tester Written Using HummingBir

CleanArchitecture - Helping project to learn Clean Architecture using iOS (Swift)

Clean Architecture Helping project to learn Clean Architecture using iOS (Swift)

BowTies - The main purpose of this application is to show how you can perform simple operations using Core Data
BowTies - The main purpose of this application is to show how you can perform simple operations using Core Data

BowTies The main purpose of this application is to show how you can perform simp

CloudKit, Apple’s remote data storage service, provides a possibility to store app data using users’ iCloud accounts as a back-end storage service.
CloudKit, Apple’s remote data storage service, provides a possibility to store app data using users’ iCloud accounts as a back-end storage service.

CloudKit, Apple’s remote data storage service, provides a possibility to store app data using users’ iCloud accounts as a back-end storage service. He

Ios-App-ication-Swift - A simple iOS application made in Xcode using Swift
Ios-App-ication-Swift - A simple iOS application made in Xcode using Swift

📱 iPhone Calculator A simple iOS application made in Xcode using Swift. This ap

OIDCLite implements the basics of getting a token using Apple's ASWebAuthenticationSession

OIDCLite While there are a few good Swift packages for Open ID Connect out there, most are /very/ heavyweight and can get quite complex. For projects

A practical interface to the Steamworks SDK using the Swift C++ importer

steamworks-swift A practical interface to the Steamworks SDK using the Swift C++ importer. Caveat Integrator: The Swift C++ importer is a chaotic scie

A Quick macOS app that will check a website's sitemap.xml against a new domain
A Quick macOS app that will check a website's sitemap.xml against a new domain

Migrator Quick and dirty native macOS app that will check a website's sitemap.xml against a new domain. When you're developing your new website and wa

SwiftUI TextEdit View - A proof-of-concept text edit component in SwiftUI & CoreText.
SwiftUI TextEdit View - A proof-of-concept text edit component in SwiftUI & CoreText.

A proof-of-concept text edit component in SwiftUI & CoreText. No UIKit, No AppKit, no UITextView/NSTextView/UITextField involved.

A very basic proof-of-concept Swift HTTP server that does not require Foundation

Swift Server Introduction This is very rough and basic HTTP server written in Swift without using Foundation. This is partially based on the Swifter r

A network extension app to block a user input URI. Meant as a network extension filter proof of concept.
A network extension app to block a user input URI. Meant as a network extension filter proof of concept.

URIBlockNE A network extension app to block a user input URI. Meant as a network extension filter proof of concept. This is just a research effort to

Proof-of-concept `WKWebview.evaluateJavaScript(...)` replacement for WebSocket-based Javascript execution.

Proof-of-concept `WKWebview.evaluateJavaScript(...)` replacement for WebSocket-based Javascript execution.

Proof concept of modularized app with SwiftPackages built over MVI + Combine + SwiftUI in a single repo
Proof concept of modularized app with SwiftPackages built over MVI + Combine + SwiftUI in a single repo

PKDex-iOS Proof concept of modularized app with SwiftPackages built over MVI + Combine + SwiftUI in a single repo Introduction This project is a proof

QR2Pass: a proof of concept for an alternative (passwordless) authentication system to a web server

QR2Pass This is a proof of concept for an alternative (passwordless) authenticat

A proof of concept of the VIPER architecture

This project contains a proof of concept of the VIPER architecture. For this we are going to make use of the public API tmdb, with which we will implement a search engine, a list and a view detail.

TCC ClickJacking - A proof of concept for a clickjacking attack on macOS
TCC ClickJacking - A proof of concept for a clickjacking attack on macOS

A proof of concept for a ClickJacking attack on macOS. Why? TCC (Transparency, Consent, and Control) restricts and control applicatio

Proof of concept app for trying to integrate passkeys and WebAuthn into Vapor
Proof of concept app for trying to integrate passkeys and WebAuthn into Vapor

Vapor Passkey Demo Proof of concept app for trying to integrate passkeys and WebAuthn into Vapor Usage Clone the project, then in Terminal run swift r

A SwiftUI proof-of-concept, and some sleight-of-hand, which adds rain to a view's background
A SwiftUI proof-of-concept, and some sleight-of-hand, which adds rain to a view's background

Atmos A SwiftUI proof-of-concept, and some sleight-of-hand, which adds rain to a view's background. "Ima use this in my app..." Introducing Metal to S

The concept won first place in the Design Concept Award contest Season 1 in 2021.
The concept won first place in the Design Concept Award contest Season 1 in 2021.

TallyCounter Developed by Vladyslav Fil as part of the You are launched "Design Concept Award" contest Season #1. Tally Counter Micro-Interaction demo

Owner
Karl
Karl
Analytics layer abstraction, abstract analytics reporters and collect domain-driven analytic events.

?? Tentacles Current State: Work in Progress Documentation & Tests(100% completed, but needs refactoring and structuring) started but not done yet, im

Patrick 3 Dec 2, 2022
Commands providing shortcuts to common Postgres introspection queries (Swift port of heroku-pg-extras)

Commands providing shortcuts to common Postgres introspection queries (Swift port of heroku-pg-extras)

Sven A. Schmidt 2 May 27, 2022
A clicker-like game based on the concept of a Knight abandoned in space

A Knight in Space A clicker-like game based on the concept of a Knight abandoned in space. Team Members Albin Shrestha, Zac Galer, Connor Kite, and Ma

Albin Shrestha 1 Feb 7, 2022
A sample application showcasing Vapor 4 connecting to an Oracle database using SwiftOracle package.

vapor-oracle A sample application showcasing Vapor 4 connecting to an Oracle database using SwiftOracle package. In this Vapor application, we create

Ilia Sazonov 3 Sep 22, 2022
Shows the issue with swift using an ObjC class which has a property from a swift package.

SwiftObjCSwiftTest Shows the issue with swift using an ObjC class which has a property from a swift package. The Swift class (created as @objc derived

Scott Little 0 Nov 8, 2021
iForage helps foragers to track and manage foraging spots around them using CloudKit

iForage CloudKit Preface To expand on what I've created here: https://github.com/LynchConnor/iForage, I initially developed the app using Firebase. Th

Connor Lynch 3 Jul 14, 2022
A food delivery app using firebase as the database.

FDA-ONE Food Delivery Application is a mobile application that users can use to find the best restaurant around their location and order the meals the

Naseem Oyebola 0 Nov 28, 2021
Implement Student Admission System using SQlite

StudentAdmissionSQLiteApp Implement Student Admission System using SQlite. #Func

Hardik 2 Apr 27, 2022
Creating a Todo app using Realm and SwiftUI

Realmで作るTodoアプリ note記事「【SwiftUI】Realmを使ってTodoアプリを作る」のソースです。

null 1 Jul 20, 2022
Innova CatchKennyGame - The Image Tap Fun Game with keep your scores using Core Database

Innova_CatchKennyGame The Image Tap Fun Game with keep your scores using Core Da

Alican Kurt 0 Dec 31, 2021