- If you like the tool and for my personal motivation so as to develop other tools please leave a +1 star
QRLJacking, also known as Quick Response Code Login Jacking, is a straightforward yet highly malicious attack method that targets applications utilizing the "Login with QR code" feature as a supposedly secure means of account access. The primary objective of this attack is to hijack users' sessions, enabling attackers to gain unauthorized access to their accounts
python -m venv venv
venv\Scripts\activate
pip install pyautogui pyzbar Pillow Flask pyocr pytesseract
If you get dll error in pyzbar module visit this site: https://stackoverflow.com/questions/64570443/q-how-to-fix-the-missing-dependancies-in-pyzbar
To install Tesseract OCR on Windows, follow these steps:
-
Download the Tesseract OCR Installer:
-
Visit the Tesseract OCR GitHub page: https://github.com/tesseract-ocr/tesseract
-
Scroll down to the "Downloads" section and click on "tesseract-ocr-w64-setup-v5.x.x.exe" (where "x.x" represents the version number) to download the Windows installer for Tesseract OCR.
-
Double-click on the downloaded "tesseract-ocr-w64-setup-v5.x.x.exe" file to run the installer.
-
Choose Components (Optional) During the installation, you will be asked to select the components to install. You can keep the default options or customize them based on your needs. At a minimum, make sure the "Tesseract OCR" component is selected.
-
Set Installation Path (Optional) The installer will prompt you to choose an installation directory. You can keep the default or specify a different one. If you change the path, make sure to remember it for later steps.
- Control Panel > System and Security > System >
- Advanced system settings > Advanced > Environment variables > PATH > New
C:\Program Files\Tesseract-OCR
_LI.jpg)
- Run evil_jack.py and server.py
- Open web.whatsapp.com in a separate window in your browser. Note: Do not close or minimize the window because EvilJack will continuously take screenshots of the QR code on web.whatsapp.com and send them to our phishing page.
- Now send the phishing link
127.0.0.1:5000to victim . Note the link127.0.0.1:5000only work if victim connected to same network .To perform the attack outside the wan use ngrok or portmap.io - After the victim scans the code, you will gain access to his WhatsApp session. Additionally, after the victim has scanned the QR code, he will be automatically redirected to a fake verification page
evil.mp4
Open chrome/firefox and navigate to console tab from developer option and paste the following code
function checkAndClickButton() {
const button = document.querySelector('.Jht5u');
if (button) {
button.click();
}
}
// Set an interval to periodically check and click the button (e.g., every 5 seconds)
setInterval(checkAndClickButton, 2000);
- Telegram
- Discord
- steam
- AirDroid
- Tiktok
swagkarna Provides no warranty and will not be responsible for any direct or indirect damage caused by this tool.
EVILJACK is built for Educational and Internal use ONLY.