Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Unicode mirror character?

Tags:

security

unicode

‮?retcarahc "rorrim" edocinu eht htiw detaicossa ytilibarenluv fo tros emos ereht sI

?ksir yna ereht erA ?rof ti si tahW

like image 775
OscarRyz Avatar asked Jun 25 '10 02:06

OscarRyz

People also ask

How do I type Unicode characters?

Inserting Unicode characters To insert a Unicode character, type the character code, press ALT, and then press X. For example, to type a dollar symbol ($), type 0024, press ALT, and then press X. For more Unicode character codes, see Unicode character code charts by script.

What is a mirror character?

A mirror character is essentially on your main character's side. Although he may push the hero, argue with him, irritate him – he is not the antagonist. He is there to show your hero who he really is.

What characters are Unicode?

Unicode covers all the characters for all the writing systems of the world, modern and ancient. It also includes technical symbols, punctuations, and many other characters used in writing text.

What is ascii Unicode?

Unicode is the universal character encoding used to process, store and facilitate the interchange of text data in any language while ASCII is used for the representation of text such as symbols, letters, digits, etc. in computers. ASCII : It is a character encoding standard for electronic communication.

2 Answers

We've talked about attacks using the RLO (U+202E RIGHT TO LEFT OVERRIDE) character in the past, which shifts the 'visual' display of a string from the position it's placed inside that string. So for example:

document[U+202E]fdp.exe visually looks like documentexe.pdf

I talked about these and other attacks of this sort here http://www.casaba.com/products/UCAPI/. In fact we're starting to hear of real world attacks using these techniques to bypass spam and other filters. Firefox closed a bug in their file download dialog box.

I see a big difference between attacks leveraging BIDI text and the playful sort of 'mirror' effects you get from tools like http://txtn.us/mirror-words-flip-text-reverse-words-upside-down-words-and-text.

!luʇmɿɒʜ ƨɒ mɘɘƨ ƚ'nƨɘob ƚxɘƚ bɘɿoɿɿim ɘʜƚ

like image 62
Weber Avatar answered Oct 11 '22 15:10

Weber

Well, you can abuse it for pishing attacks. Take this URL for example:

 ‮http://www.example.com?site/moc.elgoog.www//:ptth

It looks like if you click it it will take you to google.com, where in reality it will take you to example.com. Not all browsers support it, though.

like image 22
omni Avatar answered Oct 11 '22 14:10

omni
Sign in to Comment

Related questions

What's the difference between hex code (\x) and unicode (\u) chars?
Unicode Characters in ggplot2 PDF Output
Thai line breaking: how to break Thai text effectively
What does sorting mean in non-alphabetic (i.e, Asian) languages?
Why is the return value of String.addingPercentEncoding() optional?
How to use Unicode in C++?
What is the Unicode U+001A Character? Aka 0x1A
Writing pandas DataFrame to JSON in unicode
Matching only a unicode letter in Python re
Newline symbol unicode character
How to read Unicode input and compare Unicode strings in Python?
How to convert a unichar value to an NSString in Objective-C?
UnicodeEncodeError only when running as a cron job [duplicate]
The proper way to handle Unicode with C++ in 2018?
Is there a way to programmatically determine if a font file has a specific Unicode Glyph?
Unicode symbol that represent "download" [closed]
Convert UTF-16 to UTF-8 under Windows and Linux, in C
How to correctly parse UTF-8 encoded HTML to Unicode strings with BeautifulSoup? [duplicate]
Why UTF-32 exists whereas only 21 bits are necessary to encode every character?
How to convert a TCHAR array to std::string?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!