QRLJacking (Quick Response Code Login Jacking) is a simple but nasty attack vector that affects every application relying on a “Login with QR code” feature as a secure way to sign in to accounts; its goal is to let an attacker hijack the user’s session.
What is QRLJacking?
QRLJacking, or Quick Response Code Login Jacking, is a simple social engineering attack vector capable of session hijacking that affects all applications relying on the “Login with QR code” feature as a secure way to log in to accounts. In a nutshell, the victim scans the attacker’s QR code, which results in the victim’s session being hijacked.
Download QRLJacking from GitHub
git clone https://github.com/OWASP/QRLJacking.git
pip install -r requirements.txt
chmod +x QRLJacker.py
After running it, select the first option, Chat Application, then select WhatsApp. Wait a moment while it launches the attack, then copy the link (for example http://localhost:1337) and send it to the victim, or convince the victim to scan the malicious QR code.