In this article, we are telling you about the QRL Jacking attack. What is QRL Jacking and how is this attack done? You are being told everything here.
This is a method by which hackers hack Whatsapp accounts. How hackers use QRL Jacking, how to create a genuine whatsapp qr code. All this cannot be told here.
But here we are telling you all how to use QRL Jacking here. All this is being told to you for educational purpose. Never miss it.
We are explaining here how QRL Jacking is redirected without sending a link to the victim here. We will also explain how by default html file can be changed.
QRL Jacking attack can also be used with MITM attack or ARP poisoning attack. As you have been told, it all depends on hackers how they use an attacker.
Note – This article is only for educational purpose. Don’t miss use your knowledge and skills.
What is QRL Jacking ?
Just like we all know about Whatsapp web, how can we open our Whatsapp account in the computer by scanning the QR Code, similar hackers use this QR Code in QRL Jacking attack.
Before learning all this practically, you should know how the QR Code works. Whenever we scan a WhatsApp account with a QR Code, such a unique code is generated, due to which we open our Whatsapp account in the computer. Can
In this case, the hackers generate this QR Code themselves, in such a way that when the normal user scans their Whatsapp account, that account is open near the hacker, in this way the QRL Jacking attack works.
QRL Jacking Practical ?
First of all, you have to install this tools from github. Here we are telling you about two tools. You must have heard one too. Here we are telling you about the do tools of QRL Jacking attack.
First of all you have to run some commands. You have to install gekodriver. First you install it from here.https://github.com/mozilla/geckodriver/releases
After installing from here it will be installed in the download folder. You have to use some commands to bring it to its proper place, if you do not do this, you may get an error.
chmod +x geckodriver
sudo mv -f geckodriver /usr/local/share/geckodriver
sudo ln -s /usr/local/share/geckodriver /usr/local/bin/geckodriver
sudo ln -s /usr/local/share/geckodriver /usr/bin/geckodriver
After all this you can clone the tool. Here it is necessary to install python3 and pip3. You can clone the tool here like this. git clone https://github.com/OWASP/QRLJacking/tree/master/QRLJacker .
First of all you have to install its requirements. After this you can use the Qrl Jacking tool. (python3 qrljacking.py). You can run it by giving this command.
The QRL Jacking tool runs something like this. With the help of this tool, qr session can be captured. This tool allows you to capture the qr code after scanning the victim.
Here you can see in the image above. You also have to perform the Qrl Jacking attack in this way. Here we have not set host. Because we are telling you using ngrok.
After doing all this you have to give the command (./ngrok http 1230). Here we have the same port diya that we set. After this, the setup for your QRL Jacking attack is complete.
All you have to do is send this link to the victim. When Victim opens it, it opens in this way. Whether you want to here, you can also make changes according to yourself.
It is open like this. Here it is by default but hackers change it as well. All this can not be told to you here. After this, when the victim scans, the session is found.
Here you can see the session has been found. In such a case, whtasapp account can be opened by using the session here. Here this tool has captured the session of whatsapp account.
Here, when you run the command in this way, the captured sessions run through QRL Jacking. It runs on the site of Whatsapp web.
When you see this practical yourself, then only you can understand its working. You do this practical on your own account. Do not do any kind of illegal activity.
How to use OHMYQR tool ?
There is another such tool that you are being told about. You might not have heard the name of this tool before. Like QRL Jacking it does not capture the session.
But this tool captures screenshots. First of all you have to install it. You have to install this tool as a root only. If you do not do this, you will get an error.
First of all you have to download the tool like this. git clone https://github.com/cryptedwolf/ohmyqr After downloading this tool, you can use it.
After running this tool something like this, you have to select the server. After selecting the server, this tool automatically opens the whatsapp web.
After running this tool in this way, when you scan in whatsweb, you will be able to see the screenshots are captured. Here is how this tool is used.
Here you can see that whatever you work in whatsapp here, this tool captures all your screenshots. This is how this tool works. All this has been told to you for educational purpose, do not missuse it.
I hope you come to know about the QRL Jacking attack. We have told you all this by using the default setting. But here too, files can be changed and used.
All this has been told to you for educational purpose. I hope that you will not miss the use of the tools mentioned here. You can do this on your own whatsapp account.
If you face any kind of problem while using all this, you can ask in the comments. We have told you here by proper use of both these tools.
If you like this article, then share it. You will get to see more such articles soon. Please subscribe to our blog for latest articles.
Sharing is Caring