opening certain link results in www.xn-- prefix Topic is solved

Talk about code development, features, specific bugs, enhancements, patches, and similar things.
Forum rules
Please keep everything here strictly on-topic.
This board is meant for Pale Moon source code development related subjects only like code snippets, patches, specific bugs, git, the repositories, etc.

This is not for tech support! Please do not post tech support questions in the "Development" board!
Please make sure not to use this board for support questions. Please post issues with specific websites, extensions, etc. in the relevant boards for those topics.

Please keep things on-topic as this forum will be used for reference for Pale Moon development. Expect topics that aren't relevant as such to be moved or deleted.
User avatar
cartel
Lunatic
Lunatic
Posts: 475
Joined: 2014-03-16, 21:57
Location: Chilliwack, BC

opening certain link results in www.xn-- prefix

Unread post by cartel » 2023-02-12, 11:24

When I try to open this link: https://www.bіtchutе.com/video/1fqAKgpoovGp/

I get:

Code: Select all

https://www.xn--btchut-8of2x.com/video/1fqAKgpoovGp/
Did I screw something up?

thanks
ImageImage

User avatar
Nuck-TH
Project Contributor
Project Contributor
Posts: 197
Joined: 2020-03-02, 16:04

Re: opening certain link results in www.xn-- prefix

Unread post by Nuck-TH » 2023-02-12, 11:32

this means that domain name has non-latin characters, usually meaning that it is obfuscated fake.
prefix itself is part of URL encoding named Punycode, which is used to encode unicode characters into strictly latin URL.

User avatar
cartel
Lunatic
Lunatic
Posts: 475
Joined: 2014-03-16, 21:57
Location: Chilliwack, BC

Re: opening certain link results in www.xn-- prefix

Unread post by cartel » 2023-02-12, 12:01

Nuck-TH wrote:
2023-02-12, 11:32
this means that domain name has non-latin characters, usually meaning that it is obfuscated fake.
prefix itself is part of URL encoding named Punycode, which is used to encode unicode characters into strictly latin URL.
https://www.dell.com/community/Virus-Sp ... -p/5110599
viewtopic.php?f=1&t=14724&p=105790&hili ... de#p105790
I found this on it.
browser.identity.display_punycode
can I change that to 0 to disable it?
When it says " IDN domain name will be displayed in its punycode form" is that only in the address bar?

thanks!
ImageImage

User avatar
sidology
Moon lover
Moon lover
Posts: 79
Joined: 2021-12-04, 22:07

Re: opening certain link results in www.xn-- prefix

Unread post by sidology » 2023-02-12, 12:14

cartel wrote:
2023-02-12, 11:24
When I try to open this link: https://www.bіtchutе.com/video/1fqAKgpoovGp/

I get:

Code: Select all

https://www.xn--btchut-8of2x.com/video/1fqAKgpoovGp/
You have a fake link, this one is correct https://www.bitchute.com/video/1fqAKgpoovGp/

Read this Chrome and Firefox Phishing Attack Uses Domains Identical to Known Safe Sites

User avatar
Pentium4User
Board Warrior
Board Warrior
Posts: 1111
Joined: 2019-04-24, 09:38

Re: opening certain link results in www.xn-- prefix

Unread post by Pentium4User » 2023-02-12, 12:56

That is called IDN and offers non-ASCII characters in domains, like störenfried.de or москва.рф.

Some people use them to offer links that look like another address, like exchanging Latin a with Cyrillic а (depending if the TLD allows it).
The profile picture shows my Maico EC30 E ceiling fan.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35475
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: opening certain link results in www.xn-- prefix

Unread post by Moonchild » 2023-02-12, 13:01

Also note that IDNs by default in Pale Moon will be indicated in the identity box in their punycode form.
See also: viewtopic.php?f=24&t=15583
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

User avatar
cartel
Lunatic
Lunatic
Posts: 475
Joined: 2014-03-16, 21:57
Location: Chilliwack, BC

Re: opening certain link results in www.xn-- prefix

Unread post by cartel » 2023-02-12, 13:15

thanks for the replies.
So the link I posted has ascii art disguised as dots and such?
Like when I open that link by highlighting it and rightclick open link, I get a invalid address, www.xn--

Code: Select all

https://www.bitchute.com/video/1fqAKgpoovGp/
real

Code: Select all

https://www.bіtchutе.com/video/1fqAKgpoovGp
fake

I cant see it right here, thats interesting, but if I highlight and open, they both do different things.
So how do I stop that from happening again please, just so I know.
ImageImage

User avatar
gepus
Keeps coming back
Keeps coming back
Posts: 938
Joined: 2017-12-14, 12:59

Re: opening certain link results in www.xn-- prefix

Unread post by gepus » 2023-02-12, 16:17

If you hover over a link you can see if it is fake.
I made an HTML-file with the fake address for visualization:
Attachments
BC.png

User avatar
therube
Board Warrior
Board Warrior
Posts: 1650
Joined: 2018-06-08, 17:02

Re: opening certain link results in www.xn-- prefix

Unread post by therube » 2023-02-13, 18:32

That's a really good fake.
Thanks.
.
Bitchute is it real or is it memorex.png

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35475
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: opening certain link results in www.xn-- prefix

Unread post by Moonchild » 2023-02-13, 18:52

cartel wrote:
2023-02-12, 13:15
I cant see it right here, thats interesting, but if I highlight and open, they both do different things.
If you check both links in ANSI encoding (e.g. in notepad++), you can easily see how it was spoofed:

Code: Select all

https://www.bіtchutе.com/video/1fqAKgpoovGp
https://www.bitchute.com/video/1fqAKgpoovGp/
The "i" and "e" of "bitchute" were replaced with "lookalike" characters from extended language ranges in UTF-8. Specifically "і" (dotted i from Cyrillic) and "е" (Ye, also in Cyrillic)

UTF-8 capable applications like web browsers and most modern text editors will display it visually (almost) identical (depending on the font in use there might literally 0 difference in how it's displayed).
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

User avatar
RealityRipple
Astronaut
Astronaut
Posts: 647
Joined: 2018-05-17, 02:34
Location: Los Berros Canyon, California
Contact:

Re: opening certain link results in www.xn-- prefix

Unread post by RealityRipple » 2023-02-14, 09:02

This is why serif fonts with non-duplicate characters should be a security requirement for so many URI displays. It astounds me that literally every browser uses sans-serif for their address bar.

User avatar
cartel
Lunatic
Lunatic
Posts: 475
Joined: 2014-03-16, 21:57
Location: Chilliwack, BC

Re: opening certain link results in www.xn-- prefix

Unread post by cartel » 2023-02-14, 10:31

Moonchild wrote:
2023-02-13, 18:52
cartel wrote:
2023-02-12, 13:15
I cant see it right here, thats interesting, but if I highlight and open, they both do different things.
If you check both links in ANSI encoding (e.g. in notepad++), you can easily see how it was spoofed:

Code: Select all

https://www.bіtchutе.com/video/1fqAKgpoovGp
https://www.bitchute.com/video/1fqAKgpoovGp/
The "i" and "e" of "bitchute" were replaced with "lookalike" characters from extended language ranges in UTF-8. Specifically "і" (dotted i from Cyrillic) and "е" (Ye, also in Cyrillic)

UTF-8 capable applications like web browsers and most modern text editors will display it visually (almost) identical (depending on the font in use there might literally 0 difference in how it's displayed).
thanks. Now I can undersand what going on there.
ImageImage

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35475
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: opening certain link results in www.xn-- prefix

Unread post by Moonchild » 2023-02-14, 14:23

RealityRipple wrote:
2023-02-14, 09:02
serif fonts with non-duplicate characters
I don't think it has much to do with being serif or sans-serif, but rather with the non-duplicate nature of the characters.
These characters are very very similar (or identical) in many serif fonts too.

What actually astounds me is that IDNs were accepted as a standard, knowing full-well the risks of spoofing from the start. And it actually never took off either - I barely ever see IDNs being in use these days. And it's been years since they introduced it.
Attachments
Image1.png
Image1.png (3.82 KiB) Viewed 1277 times
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

User avatar
RealityRipple
Astronaut
Astronaut
Posts: 647
Joined: 2018-05-17, 02:34
Location: Los Berros Canyon, California
Contact:

Re: opening certain link results in www.xn-- prefix

Unread post by RealityRipple » 2023-02-15, 09:21

Moonchild wrote:
2023-02-14, 14:23
RealityRipple wrote:
2023-02-14, 09:02
serif fonts with non-duplicate characters
I don't think it has much to do with being serif or sans-serif, but rather with the non-duplicate nature of the characters.
These characters are very very similar (or identical) in many serif fonts too.

What actually astounds me is that IDNs were accepted as a standard, knowing full-well the risks of spoofing from the start. And it actually never took off either - I barely ever see IDNs being in use these days. And it's been years since they introduced it.
The serif portion is to prevent things like "m/rn" confusion.

Locked