Saturday, 24 March 2018

[QRL Jacking] A New Social Engineering Attack: WhatsApp Web Session Hijacking | How to Be Safe?

Hello friends, and welcome once again to this advanced hacking blog. Today I am going to talk about "QRL Jacking".

What is QRL Jacking?

QRL Jacking, or Quick Response code Login Jacking, is a simple social engineering attack vector capable of session hijacking. It affects all applications that rely on the "Login with QR code" feature as a secure way to log in to accounts. In a nutshell, the victim scans the attacker's QR code, which results in session hijacking.

Once the victim scans the QR code that the attacker has cloned, the attacker can open the victim's WhatsApp session on their own system. With the session open, the attacker can read the victim's WhatsApp messages, send messages to anyone, and see the current GPS location, along with other sensitive information.

How does this process work?

Under normal conditions, when you scan the WhatsApp Web QR code with your phone, the mobile app generates a secret authentication token and sends it to the website. The website verifies it, and your WhatsApp session opens.

In QRL Jacking, the WhatsApp session is hijacked. The attacker creates a phishing page that imitates the WhatsApp Web QR code page. When the victim scans the QR code on the phishing page with their phone, the authentication token that is generated reaches the attacker's server.
The attacker verifies it and gains access to the victim's WhatsApp on their own system.
Now that we know the basics, let's see how the QRLJacking attack works. The team responsible for creating this attack presents a small visualization:

[Figure: QRLJacking attack flow]

Note: This post is for educational purposes only. I didn't harm anyone; I used my own device while explaining this method, so please don't use this method for any kind of illegal or malicious activity, because hacking is a crime, and if you do this it can land you in jail. I do not support any kind of illegal or malicious hacking.

INSTALLATION:

If you are new to Kali Linux, copy and paste these commands into a terminal window step by step.
Commands:
Type the commands one at a time and press Enter after each:
cd Desktop             # Go to the desktop directory.
apt-get install python
git clone https://github.com/OWASP/QRLJacking.git
cd QRLJacking
cd QrlJacking-Framework 
pip install -r requirements.txt
python QRLJacker.py

The tool will now open. It offers many QRL attacks to choose from.

WORKING METHOD:

Friends, there are many attacks available here, covering chat applications, mailing services, e-commerce and online banking; these are dangerous attacks.
Step 1: Choose the 1st option -> Chat Applications

Step 2: The WhatsApp and WeChat options will now appear. Our target is WhatsApp, so choose the 1st option -> WhatsApp.

Step 3: You will now be asked for a port. You can use any port. In my case I have put port 80.
You will then see a link to WhatsApp, and the QRL code will appear in front of you.

If someone scans the QRL code, you will see everything in their session.

How to be safe?

Friends, these are social engineering tricks. Your alertness can save you. Do not scan such a code with your WhatsApp just because someone tells you to. Check the WhatsApp Web section of the WhatsApp app;
if there is any suspicious entry in it, click "Log out from all computers".
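
The user-side advice above depends on alertness. As an added example (not from the original post or the QRLJacking project), this toy Python model of the QR login flow described earlier shows why a scan logs in whichever browser requested the QR, and how a server-side network check, assumed here purely for illustration, would reject a relayed scan. All class names, function names and IP addresses are constructed.

```python
import secrets

class QRLoginServer:
    """Toy 'login with QR code' backend (constructed for illustration)."""

    def __init__(self, bind_to_network=False):
        self.bind_to_network = bind_to_network  # assumed mitigation switch
        self.pending = {}   # qr_token -> (browser_id, browser_ip)
        self.sessions = {}  # browser_id -> logged-in account

    def new_qr(self, browser_id, browser_ip):
        # The QR is tied to the browser that requested it, no matter
        # which page later displays the image.
        token = secrets.token_urlsafe(16)
        self.pending[token] = (browser_id, browser_ip)
        return token

    def scan(self, token, account, phone_ip):
        # Called by the already-authenticated mobile app after a scan.
        entry = self.pending.pop(token, None)
        if entry is None:
            return False  # unknown or already-used QR
        browser_id, browser_ip = entry
        if self.bind_to_network and browser_ip != phone_ip:
            return False  # requester and scanner are on different networks
        self.sessions[browser_id] = account
        return True

def relayed_login(server):
    # QR requested by one browser, shown to the account owner elsewhere.
    qr = server.new_qr("other-browser", "203.0.113.7")  # constructed IPs
    server.scan(qr, "owner-account", "198.51.100.20")
    return server.sessions.get("other-browser")

def normal_login(server):
    # QR requested and scanned by the same person on the same network.
    qr = server.new_qr("owner-laptop", "198.51.100.20")
    server.scan(qr, "owner-account", "198.51.100.20")
    return server.sessions.get("owner-laptop")

if __name__ == "__main__":
    print(relayed_login(QRLoginServer()))                      # session handed over
    print(relayed_login(QRLoginServer(bind_to_network=True)))  # scan rejected
    print(normal_login(QRLoginServer(bind_to_network=True)))   # login still works
```

A strict IP match also rejects a legitimate phone that is on mobile data while the computer is on Wi-Fi, so this check trades usability for safety.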

If you liked this post, please do not forget to share it. Without your support I cannot spread this knowledge any further, so help me by sharing my post so that I can bring you more tricks. To share the post, you can use the share buttons given below. If you face a problem in any of the steps, please leave your email in the Contact Us section of this site. Thank you so much; stay tuned to this blog and the blog's admin, Mr. Aditya Singh.