web.whatsapp.com Hack Tutorial Step by Step Explanation

web.whatsapp.com Hack Tutorial Step by Step Explanation.

Hello Friends! Today’s post is going to be quite interesting for you guyz because this time we are going to learn How to Hack WhatsApp by web.whatsapp.com hack & how to stay safe from this attack. Here I am using a tool, named QRLJacking for hijacking WhatsApp session & peform web.whatsapp.com hack. QRLJacking (Quick Response Login Jacking) and it is a social engineering tool which means it works on our social engineering doing skills. You all must be aware of WhatsApp Web and its uses, i.e. you can run WhatsApp on your Computer as well.

If  web.whatsapp.com hack is open then you can see live messages, current location and many more sensitive Information.

How QRLJacking tool works?

Normally, whenever you scan the whatsapp web QR code then mobile generates a secret authentication token and send it to the website. Then website do verify this secret token if this token is successfully verify by the website then your whatsapp session is also open  in the computer. By using QRLJacking tool it creates a Phishing page of the QR Code of the whatsapp web and whenever victim scan this QR Code from his/her mobile phone then the generated authentication token is automatically send to the attacker’s server. After getting Authentication token successfully then attacker do verify it from the whatsapp web website and then attacker see all the messages of the victim.

Let’s see the Practical session 

So, firstly you must have to download this tool by clicking here. for your Kali Linux machine. You can also download  it on your computer by typing git clone https://github.com/OWASP/QRLJacking in your terminal.

After downloading this tool on your Linux type cd QRLJacking/ to go inside the QRLJacking folder then type cd QrlJacking-Framework/ to go inside this folder. When you reach this folder just install your requirements.txt file by typing pip install -r requirements.txt

After installing this requirements.txt file you need to type python QrlJacker.py to run this python script. Now, you can see here Framework is now open. So, for whatsapp we type 1 for selecting Chat Applications.

Then we also type 1 for selecting WhatsApp. Then type port Number on which you wants to open this on your browser. So, I type here 80 and hit Enter

This will automatically open web.whatsapp.com on your browser and to see your phishing page. You all need to type your system IP to see this fake page on your browser.

You can see here your Phishing page is ready. Now, whenever your web.whatsapp.com QR Code is change then in your Phishing page it will automatically change. You can also do modification on it’s index.html page and convert it similar to the web.whatsapp.com  . This depends upon the attacker’s skills that how similar page is created by him. Whenever victim scan this QR Code then in your web.whatsapp.com tab whatsapp session will automatically open.

How to be Safe from this Attack?

• This is a Social Engineering Trick. Your Awareness is the only step by which you can save yourself from all these attacks.
• Check your WhatsApp web on your mobile phone. If you found any unidentified entry their then click on Log Out From all Computers. This will Log Out your whatsapp web session everywhere in the world.