Skip to content

Latest commit

 

History

History
114 lines (94 loc) · 4.96 KB

README.md

File metadata and controls

114 lines (94 loc) · 4.96 KB


  • If you like the tool and for my personal motivation so as to develop other tools please leave a +1 star

What is QRLJacking?


QRLJacking, also known as Quick Response Code Login Jacking, is a straightforward yet highly malicious attack method that targets applications utilizing the "Login with QR code" feature as a supposedly secure means of account access. The primary objective of this attack is to hijack users' sessions, enabling attackers to gain unauthorized access to their accounts


Installation ☑️

python -m venv venv
venv\Scripts\activate
pip install pyautogui pyzbar Pillow Flask pyocr pytesseract

If you get dll error in pyzbar module visit this site: https://stackoverflow.com/questions/64570443/q-how-to-fix-the-missing-dependancies-in-pyzbar

Requirements 🧾

To install Tesseract OCR on Windows, follow these steps:

  • Download the Tesseract OCR Installer:

  • Visit the Tesseract OCR GitHub page: https://github.com/tesseract-ocr/tesseract

  • Scroll down to the "Downloads" section and click on "tesseract-ocr-w64-setup-v5.x.x.exe" (where "x.x" represents the version number) to download the Windows installer for Tesseract OCR.

Run the Tesseract Installer

  • Double-click on the downloaded "tesseract-ocr-w64-setup-v5.x.x.exe" file to run the installer.

  • Choose Components (Optional) During the installation, you will be asked to select the components to install. You can keep the default options or customize them based on your needs. At a minimum, make sure the "Tesseract OCR" component is selected.

  • Set Installation Path (Optional) The installer will prompt you to choose an installation directory. You can keep the default or specify a different one. If you change the path, make sure to remember it for later steps.

Add Tesseract to path

Just add the folder to the Path under Windows (not sure with Win7)

  • Control Panel > System and Security > System >
  • Advanced system settings > Advanced > Environment variables > PATH > New

Add this to path

C:\Program Files\Tesseract-OCR

Note : After adding Tesseract-OCR to path make sure to restart your pc


EvilJack in Action


  • Run evil_jack.py and server.py
  • Open web.whatsapp.com in a separate window in your browser. Note: Do not close or minimize the window because EvilJack will continuously take screenshots of the QR code on web.whatsapp.com and send them to our phishing page.
  • Now send the phishing link 127.0.0.1:5000 to victim . Note the link 127.0.0.1:5000 only work if victim connected to same network .To perform the attack outside the wan use ngrok or portmap.io
  • After the victim scans the code, you will gain access to his WhatsApp session. Additionally, after the victim has scanned the QR code, he will be automatically redirected to a fake verification page

Note : Make sure you forward Port:5000 in portmap.io


Screenshots

---

EvilJack Demo

evil.mp4

script to auto click the QR code reload element on whatsappweb

Open chrome/firefox and navigate to console tab from developer option and paste the following code

function checkAndClickButton() {
  const button = document.querySelector('.Jht5u');
  if (button) {
    button.click();
  }
}

// Set an interval to periodically check and click the button (e.g., every 5 seconds)
setInterval(checkAndClickButton, 2000);

EvilJack tested on following sites

  • Whatsapp
  • Telegram
  • Discord
  • steam
  • AirDroid
  • Tiktok

Disclaimer ⚠️

swagkarna Provides no warranty and will not be responsible for any direct or indirect damage caused by this tool.
EVILJACK is built for Educational and Internal use ONLY.