QRLJacking or Quick Response Code Login Jacking is a simple social engineering attack vector capable of hijacking the session and affecting all applications that rely on QR Code Login as security to log into your account. QR code leads to session hijacking.
How to download and install the QrlJacking tool?
Step 1: Download the Tool
1. First, we need to download the QRLJacking tool, so run the following command in your terminal.
git clone https://github.com/OWASP/QRLJacking.git
2. Now change the directory to QRLJacking, so enter the following command in your terminal.
3. Now again change the directory to QRLJacker
Step 2: Run the tool
1. Then set the requirements for the QRLJacking tool, so enter the following command in your terminal.
pip install -r requirements.txt
2. After that run the Qrljacker.py python file so execute the following command.
Step 3: Hack Whatsapp
1. First you need to select the WhatsApp session hijacking module so enter the below command on your QRLJacking terminal.
2. Now set the following required parameter
set host (your local ip (or) ngrok) set port 4444
3. Then type the run command to execute the whatsapp grabber module
6. Once you get the above message you will type the following command on your QRLJacker terminal to access the victim WhatsApp account
session -i 0