Firefox Domain Guessing Spoofing Fun.
Published on: 1202039552
Just for the fun of it, and to follow up on the previous spoofing fun where Firefox fetches the certificate first (which could be used to spoof SSL connections to unaware surfers), here is another issue that caught my eye. Opera happily asks whether the server I want to go to is legit. Why doesn't Firefox ask me this? I don't know.

Firefox, like other browsers, has this nifty feature: if you enter a keyword in the URL bar, it will look up a hostname for it and send you to the domain it found based on that. The requirement to exploit this is a guessable hostname. If a website is popular enough, that will be the case. So it's best to consider this an abuse of domain name guessing. Still, I don't like that it happens.

On the other hand, it can also trick filters that only look for the first part of a hostname. Or it can be used to trick spam filters. No, not a zero-day today, just regular fun with browsers.
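The filter weakness mentioned above, as an added example that is not part of the original post: a check that only looks at the leftmost label next to one that compares the whole hostname and declines to decide on a bare keyword. It assumes "first part of a hostname" means the leftmost label; the allowlist, function names and hostnames are constructed for illustration.

```javascript
// Added illustration: allowlist and hostnames are constructed; .example and
// .test are reserved names that never resolve on the public Internet.
const ALLOWED = ["bank.example"];

// Weak filter: trusts a host when its leftmost label matches an allowed name's.
function naiveFirstLabelCheck(host) {
  const first = host.toLowerCase().split(".")[0];
  return ALLOWED.some((a) => a.split(".")[0] === first);
}

// Pull the hostname out of "keyword", "host/path" or a full URL.
function extractHost(input) {
  const hasScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(input);
  return new URL(hasScheme ? input : "http://" + input).hostname;
}

// Stricter filter: compare the whole hostname, and refuse to decide on a
// bare keyword because the browser, not the filter, picks the final domain.
function classifyHost(host) {
  const h = host.toLowerCase().replace(/\.$/, ""); // drop trailing root dot
  const labels = h.split(".");
  if (labels.some((l) => l.length === 0)) return "invalid";
  if (labels.length === 1) return "ambiguous";
  const ok = ALLOWED.some((a) => h === a || h.endsWith("." + a));
  return ok ? "allowed" : "denied";
}

// Run both filters over a list of typed or linked strings.
function review(inputs) {
  return inputs.map((input) => {
    const host = extractHost(input);
    return { input, host, naive: naiveFirstLabelCheck(host), strict: classifyHost(host) };
  });
}

// Constructed sample inputs.
const SAMPLES = [
  "bank.example",               // the real site
  "bank.attacker.test/login",   // same first label, different domain
  "bank",                       // bare keyword, left to browser guessing
  "https://www.bank.example/",  // legitimate subdomain
];

console.table(review(SAMPLES));
```

The naive check accepts the look-alike and the bare keyword and rejects the legitimate `www` subdomain, while the strict check gets all three right or flags them for review.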
So what else can we do?