QRLJacking – QrlJacking Exploitation Framework


QRLJacking, or Quick Response Code Login Jacking, is a simple but nasty attack vector affecting all applications that rely on the “Login with QR code” feature as a secure way to log in to accounts. Its aim is for attackers to hijack users' sessions.

What is QRLJacking?

QRLJacking, or Quick Response Code Login Jacking, is a simple social engineering attack vector capable of session hijacking, affecting all applications that rely on the “Login with QR code” feature as a secure way to log in to accounts. In a nutshell, the victim scans the attacker’s QR code, which results in session hijacking.
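
Why scanning someone else's QR code hands them the session, shown as an added example that is not part of the original post or of the QRLJacking project: a toy model of a QR login back end in which the token is honoured for whichever browser requested it, next to a variant that refuses approval when the scanning device is not at the requester's address. The class, function names, addresses and 30-second lifetime are all assumptions made for illustration.

```python
import secrets
import time

TOKEN_TTL = 30  # seconds a QR token stays valid (constructed value)

class QrLoginServer:
    """Toy QR-login back end (hypothetical; not any real service's API)."""

    def __init__(self, bind_to_requester):
        self.bind_to_requester = bind_to_requester
        self.pending = {}   # token -> (requester_ip, issued_at)
        self.sessions = {}  # token -> user whose phone approved it

    def issue_token(self, requester_ip, now):
        # A browser asks for a QR code; the QR simply encodes this token.
        token = secrets.token_urlsafe(16)
        self.pending[token] = (requester_ip, now)
        return token

    def approve(self, token, user, scanner_ip, now):
        # A logged-in phone scans the QR and approves the token.
        entry = self.pending.get(token)
        if entry is None:
            return False
        requester_ip, issued_at = entry
        if now - issued_at > TOKEN_TTL:
            del self.pending[token]      # expired: force a fresh QR
            return False
        if self.bind_to_requester and scanner_ip != requester_ip:
            return False                 # QR shown away from where it was requested
        del self.pending[token]          # single use
        self.sessions[token] = user
        return True

    def poll(self, token):
        # The browser that requested the token polls for its session.
        return self.sessions.get(token)

def session_owner(server, requester_ip, scanner_ip, delay=5):
    """Return the user the requesting browser ends up logged in as, or None."""
    now = time.time()
    token = server.issue_token(requester_ip, now)
    server.approve(token, "alice", scanner_ip, now + delay)
    return server.poll(token)

if __name__ == "__main__":
    # Constructed addresses from documentation ranges.
    print(session_owner(QrLoginServer(False), "203.0.113.5", "198.51.100.7"))  # relayed QR
    print(session_owner(QrLoginServer(True), "203.0.113.5", "198.51.100.7"))   # relayed QR
    print(session_owner(QrLoginServer(True), "198.51.100.7", "198.51.100.7"))  # same origin
```

Exact address matching is a simplification: a phone on mobile data and a browser on Wi-Fi legitimately differ, so a real service would more likely compare coarse location or ask the user to confirm the requesting device on the phone.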

Download QRLJacking from GitHub

git clone https://github.com/OWASP/QRLJacking.git

Run QRLJacking

cd QRLJacking/QrlJacking-Framework
pip install -r requirements.txt
chmod +x QRLJacker.py
python QRLJacker.py

After it starts, select the first option, Chat Application, then select WhatsApp. Wait a while for it to launch the attack, then copy the link (for example http://localhost:1337) and send it to the victim, or convince the victim to scan the malicious QR code….
