June 26, 2023

Telegram IDN URL trick

Part 1: Introduction

Hello, guys. This article is about an interesting IDN URL abuse in the Telegram messenger (a homograph trick on embedded links), which can be used for scams and other harmful actions. Let's start!

Here is an explanation of IDN URLs from Wikipedia:

https://en.wikipedia.org/wiki/Internationalized_domain_name

In other words, these are domain names containing characters outside the ASCII Latin alphabet. DNS itself only handles ASCII, so such names are stored and resolved in their Punycode form: each non-ASCII label is encoded and prefixed with xn--. Here is an example of Punycode-encoded text (the first 5 letters of the Cyrillic alphabet, абвгд):

https://www.punycoder.com/

A URL created using this encoding will look like this: http://xn--80acdef.com/ (a browser that decodes Punycode displays it as http://абвгд.com/).

Now let's move to Telegram. The main feature used here is embedding links in text, i.e. a hyperlink whose visible text differs from its target. For example, like this:

An interesting fact is that Telegram supports Punycode: an IDN link is shown in its decoded Unicode form rather than as the raw xn-- name. This is the feature which will be abused.

Part 2: Real example

Let's embed a look-alike IDN URL in a message (mylink.com, but with the "i" replaced by its Cyrillic look-alike і, U+0456) and look at its preview and pop-up window.

preview
pop-up window


Looks legit, doesn't it? (On very old Telegram clients it doesn't, and on Telegram Desktop it doesn't either, at least at the moment of writing.) But what happens if we open it?

screenshot from browser

Yes, the browser opened the actual link, showing the domain in its xn-- (Punycode) form rather than the look-alike name the preview suggested. Moreover, such domain names can be registered. Even this one:
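To check what a link really points at, here is an added Python example (my own code, not from the article, Telegram, or any registrar). It covers both the Punycode encoding from Part 1 and the look-alike check from this part: it extracts the host, converts it to the ASCII xn-- form with Python's built-in idna codec (the name the resolver actually looks up), converts an xn-- name back to the Unicode form a preview would display, and flags any label that mixes scripts such as Latin and Cyrillic. The sample URLs are constructed for the demo; the look-alike name uses Cyrillic і (U+0456) in place of Latin i, which is my assumption about the character the article used.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed sample links for this demo (not taken from the post).
# 1: look-alike of mylink.com, "i" replaced by Cyrillic U+0456 (assumed confusable)
# 2: the genuine ASCII name
# 3: the all-Cyrillic label абвгд that the article shows as xn--80acdef
SAMPLE_URLS = [
    "https://myl\u0456nk.com/login",
    "https://mylink.com/login",
    "https://\u0430\u0431\u0432\u0433\u0434.com/",
]


def host_of(url):
    """Hostname of a URL, lower-cased and without the port (urlsplit does both)."""
    return urlsplit(url).hostname or ""


def to_ascii_host(host):
    """ASCII-compatible (Punycode, xn--) form of a host.

    This is the name the resolver actually looks up; the built-in idna codec
    performs the RFC 3492 Punycode step for every non-ASCII label.
    """
    return host.encode("idna").decode("ascii")


def to_unicode_host(ascii_host):
    """Reverse step: what a client that decodes Punycode (like a link preview) displays."""
    return ascii_host.encode("ascii").decode("idna")


def label_scripts(label):
    """Set of scripts used by the letters of one DNS label, e.g. {'LATIN', 'CYRILLIC'}.

    The script is taken from the first word of the Unicode character name;
    digits and hyphens are not letters and are ignored.
    """
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}


def inspect_url(url):
    """Classify a link: 'ascii', 'idn' (non-ASCII host) or 'mixed-script' (homograph suspect)."""
    host = host_of(url)
    ascii_host = to_ascii_host(host)
    mixed = [label for label in host.split(".") if len(label_scripts(label)) > 1]
    if mixed:
        verdict = "mixed-script"
    elif ascii_host != host:
        verdict = "idn"
    else:
        verdict = "ascii"
    return {
        "display_host": host,       # what a preview that decodes Punycode shows
        "ascii_host": ascii_host,   # what the browser/resolver really uses
        "mixed_script_labels": mixed,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for url in SAMPLE_URLS:
        info = inspect_url(url)
        print(url)
        print("  shown as:", info["display_host"])
        print("  resolves:", info["ascii_host"])
        print("  verdict: ", info["verdict"])
```

A plain IDN (verdict "idn") is legitimate in many countries, so the strong signal is "mixed-script": a single label that needs both Latin and Cyrillic letters is almost always a look-alike. Browsers apply similar rules when deciding whether to show the Unicode or the xn-- form in the address bar.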

https://www.noip.com

On noip.com this domain could be bought for only $15 per year! But of course, you can use any other registrar.

Part 3: Conclusion

As you can see, this is a very simple yet tricky attack method. It can also be used to imitate popular websites or to get the victim's IP address, since the victim's browser connects to the attacker's server as soon as the link is opened. Bye)

P.S.: If somebody finds mistakes in this article, please let me know in the comments or DM me on Telegram: @deldroid. English is not my first language. The range of Telegram client versions on which this trick works would also be useful; I will add it here.


Telegram nick: @deldroid
Channel: @deldroids_campfire
Co-author: @morimega

Please, donate) UwU
BTC: bc1qe48pqxch6ahn9qeclyn25sqxdlpqw2wqskvyxs
TON: EQBGIdCUesHAsvP7hJ8eb6OIHIBFbVoXG8dmBm43C3JBKMnw
XMR: 46sYtuRAMggbAfxAiBdizrJxdLGc8MJVZ2kfpUav6jZcM3CQAF1FPx1YsFMn8NWjwdgxuxMMEwfMFDr4ibckeRhb1TTxYED
ETH: 0x94Db4116b2C891AeF912f3E6609dFcb52f3EA264
TRX: TEBjyZfadEQncY87txkvKg2DLE32WgiKr4