Qrljacker V2.0 - Qrljacking Exploitation Framework
QRLJacker is a highly customizable exploitation framework to demonstrate "QRLJacking Attack Vector" to exhibit how it is slow to hijack services that depend on the QR Code equally an authentication as well as login method, Mainly it aims to heighten safety awareness regarding all the services using the QR Code equally the principal means to login users to unlike services!
Prerequisites earlier installing:
- Linux or MacOS. (Not working on windows)
- Python 3.7+
Installing instructions:
- Update Firefox browser to the latest version
- Install the latest geckodriver from https://github.com/mozilla/geckodriver/releases as well as extract the file as well as therefore exercise :
chmod +x geckodriversudo mv -f geckodriver /usr/local/share/geckodriversudo ln -s /usr/local/share/geckodriver /usr/local/bin/geckodriversudo ln -s /usr/local/share/geckodriver /usr/bin/geckodriver
- Clone the repo amongst
git clone https://github.com/OWASP/QRLJackingas well as therefore exercisecd QRLJacking/QRLJacker - Install all the requirements amongst
pip install -r requirements.txt - Now yous tin run the framework amongst
python3 QrlJacker.py --help
Tested on
- Ubuntu 18.04 Bionic Beaver
- Kali Linux 2018.x as well as up
Usage
Commandline arguments
usage: QrlJacker.py [-h] [-r ] [-x ] [--debug] [--dev] [--verbose] [-q] optional arguments: -h, --help exhibit this assist message as well as boot the bucket -r Execute a resources file (history file). -x Execute a specific ascendance (use ; for multiples). --debug Enables debug manner (Identifying problems easier). --dev Enables evolution manner (Reloading modules every use). --verbose Enables verbose manner (Display to a greater extent than details). -q Quit manner (no banner). Main bill of fare help
General commands ================= Command Description --------- ------------- help/? Show this assist menu. bone Execute a organisation ascendance without closing the framework banner Display banner. exit/quit Exit the framework. Core commands ============= Command Description --------- ------------- database Prints the essence version as well as and therefore banking concern tally if it's up-to-date. debug Drop into debug manner or disable it. (Making identifying problems easier) dev Drop into evolution manner or disable it. (Reload modules every use) verbose Drop into verbose manner or disable it. (Make framework displays to a greater extent than details) reload/refresh Reload the modules database. Resources commands ================== Command Description --------- ------------- history Display commandline most of import history from the beginning. makerc Save the most of import commands entered since start to a file. resources Run the commands stored inwards a file. Sessions management commands ============================ Command Description --------- ------------- sessions (-h) Dump session listings as well as display information nigh sessions. jobs (-h) Displays as well as manages jobs. Module commands =============== Command Description --------- ------------- list/show List modules yous tin use. utilization Use an available module. information Get information nigh an available module. previous Runs the previously loaded module. search Search for a module past times a specific text inwards its lift or inwards its description. Module bill of fare help
General commands ================= Command Description --------- ------------- help/? Show this assist menu. bone Execute a organisation ascendance without closing the framework banner Display banner. exit/quit Exit the framework. Core commands ============= Command Description --------- ------------- database Prints the essence version as well as and therefore banking concern tally if it's up-to-date. debug Drop into debug manner or disable it. (Making identifying problems easier) dev Drop into evolution manner or disable it. (Reload modules every use) verbose Drop into verbose manner or disable it. (Make framework displays to a greater extent than details) reload/refresh Reload the modules database. Resources commands ================== Command Description --------- ------------- history Display commandline most of import history from the beginning. makerc Save the most of import commands entered since start to a file. resources Run the commands stored inwards a file. Sessions management commands ============================ Command Description --------- ------------- sessions (-h) Dump session listings as well as display information nigh sessions. jobs (-h) Displays as well as manages jobs. Module commands =============== Command Description ---------- -------------- list/show List modules yous tin use. options Displays options for the electrical flow module. laid Sets a context-specific variable to a value. run Launch the electrical flow module. utilization Use an available module. information Get information nigh an available module. search Search for a module past times a specific text inwards its lift or inwards its description. previous Sets the previously loaded module equally the electrical flow module. dorsum Move dorsum from the electrical flow context. Sessions ascendance assist menu
usage: sessions [-h] [-l] [-K] [-s] [-k] [-i] optional arguments: -h Show this assist message. -l List all captured sessions. -K Remove all captured sessions. -s Search for sessions amongst a specifed type. -k Remove a specifed captured session past times ID -i Interact amongst a captured session past times ID. Jobs ascendance assist menu
usage: jobs [-h] [-l] [-K] [-k] optional arguments: -h Show this assist message. -l List all running jobs. -K Terminate all running jobs. -k Terminate jobs past times project ID or module lift Taking payoff of the core
Commands autocomplete
The autocomplete characteristic that has been implemented inwards this framework is non the commons ane yous ever see, hither are around highlights:- It's designed to gear upwardly typos inwards typed commands to the most similar ascendance amongst simply ane tab click therefore
saerchbecomessearchas well as therefore on, fifty-fifty if yous typed whatever random discussion similar to an ascendance inwards this framework.
- For yous lazy-ones out at that spot similar me, it tin predict what module yous are trying to utilization past times typing whatever purpose of it. For instance if yous typed
use whas well as clicked tab, it would last replaced amongstuse grabber/whatsappas well as therefore on. I tin come across your smile, You are welcome!
- If yous typed whatever incorrect ascendance as well as therefore pressed enter, the framework volition say yous what is the nearest ascendance to what yous cause got typed which could last the ane yous actually wanted.
- Some less impressive things similar autocomplete for options of the electrical flow module later
setcommand, autocomplete for modules lateruseas well asinfocommands as well as in conclusion it converts all working capital missive of the alphabet to lowercase automatically just-in-case yous switched cases past times error piece typing.
- Finally, you'll respect the normal autocompletion things yous were using before, similar commands autocompletion as well as persistent history, etc...
Automation
- As yous may noticed, yous tin utilization a resources file from command-line arguments earlier starting the framework itself or post commands directly.
- Inside the framework yous tin utilization
makercascendance similar inwards Metasploit but this fourth dimension it alone saves the right of import commands. - There are
historyas well asresourcecommands therefore yous don't demand to boot the bucket the framework. - You tin execute equally many commands equally yous desire at the same fourth dimension past times splitting them amongst semi-colon as well as many to a greater extent than left to last discovered past times yourself.
- Searching for modules inwards QRLJacker is therefore easy, yous tin search for a module past times its name, something written inwards its description or fifty-fifty the writer name.
