Last year I had fun with apples safari and mail:
tᴏ.com vs to.com vs tᴑ.com
This ended up in CVE-2017-7106 and CVE-2017-7152
I wrote about this in
Additionally I built a "live js injection reverse proxy" for demonstration purposes on https://ṫo.com
It's not dirty on your screen, its a special T and it works.
Nice! I love the blog post.
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.