QRLJacking – A New Social Engineering Attack Vector to Access Victim's WhatsApp Account


📖 Documentation: OWASP QRLJacking Wiki

What is QRLJacking?
QRLJacking (Quick Response Code Login Jacking) is a social engineering attack vector that targets services offering "Login with QR code" as an authentication method.
In simple terms: the victim scans a QR code that belongs to the attacker's login session, and the result is session hijacking.

---

💻 Exploitation: Attacker's Client Side Setup

Tool: QRLJacker – QRLJacking Exploitation Framework

  • Highly customizable exploitation framework.
  • Demonstrates how easy it is to hijack QR Code–based login systems.
  • Designed to raise awareness of the risks of QR Code authentication.

🎥 Demo Video: WhatsApp Web MITM Attack Demo
📺 YouTube Tutorial: Installing & Running QRLJacker

---

⚙️ Prerequisites

  • Linux or macOS (Not supported on Windows)
  • Python 3.7+
  • Latest Firefox browser
  • Latest Geckodriver

Code:
chmod +x geckodriver
sudo mv -f geckodriver /usr/local/share/geckodriver
sudo ln -s /usr/local/share/geckodriver /usr/local/bin/geckodriver
sudo ln -s /usr/local/share/geckodriver /usr/bin/geckodriver

---

📦 Installation Steps

Code:
git clone https://github.com/OWASP/QRLJacking
cd QRLJacking/QRLJacker
pip install -r requirements.txt
python3 QrlJacker.py --help

---

💡 Tested On

  • Ubuntu 18.04 (Bionic Beaver)
  • Kali Linux 2018.x and above

---

🔧 Core Features

  • Autocomplete commands & typo correction
  • Search modules by name, description, or author
  • Resource file automation
  • Session & job management
  • Development & debug modes

---
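To make the definition under "What is QRLJacking?" concrete from the service's side, here is an added example (not from the original post or the QRLJacker project) that models a hypothetical QR-login back end: with nothing tying the browser that requested the QR code to the device that scans it, a relayed code logs the requesting browser in as the scanner. `QRLoginService`, the network labels and the 20-second lifetime are assumptions, and the context check is one illustrative mitigation.

```python
import secrets
from dataclasses import dataclass, field

QR_TTL_SECONDS = 20  # assumed lifetime; a short TTL narrows the relay window

@dataclass
class PendingLogin:
    requester_net: str   # network the browser requested the QR code from
    created_at: float

@dataclass
class QRLoginService:
    """Toy model of a 'Login with QR code' back end (hypothetical service)."""
    bind_context: bool = False                     # False = no binding checks
    pending: dict = field(default_factory=dict)    # QR token -> PendingLogin
    sessions: dict = field(default_factory=dict)   # requesting browser's token -> user

    def new_qr(self, requester_net: str, now: float) -> str:
        token = secrets.token_urlsafe(16)
        self.pending[token] = PendingLogin(requester_net, now)
        return token

    def approve(self, token: str, user: str, scanner_net: str, now: float) -> str:
        """Called by the already-authenticated mobile app after it scans a QR code."""
        login = self.pending.pop(token, None)      # single use: token is consumed
        if login is None:
            return "rejected: unknown or already used token"
        if self.bind_context:
            if now - login.created_at > QR_TTL_SECONDS:
                return "rejected: expired"
            if login.requester_net != scanner_net:
                return "rejected: context mismatch"
        self.sessions[token] = user                # requesting browser is now logged in
        return "approved"

def relay_scenario(service: QRLoginService):
    # Constructed case: the QR is requested on one network, scanned on another.
    token = service.new_qr("203.0.113.0/24", now=0.0)
    result = service.approve(token, "alice", "198.51.100.0/24", now=5.0)
    return result, service.sessions.get(token)

def legit_scenario(service: QRLoginService):
    # Constructed case: browser and phone share a network, scan happens in time.
    token = service.new_qr("198.51.100.0/24", now=0.0)
    result = service.approve(token, "alice", "198.51.100.0/24", now=5.0)
    return result, service.sessions.get(token)
```

A strict network match also rejects legitimate logins where the phone is on mobile data and the browser is on Wi-Fi, so a real service would more likely fall back to an explicit confirmation prompt on the phone than to a hard rejection.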
