search

OWASP / QRLJacking

QRLJacking or Quick Response Code Login Jacking is a simple-but-nasty attack vector affecting all the applications that relays on “Login with QR code” feature as a secure way to login into accounts which aims for hijacking users session by attackers.
GNU General Public License v3.0
1.33k stars 617 forks source link

Browser not launch due to KeyError: 'whatsapp' error. Suggestion to just download the QR code to users home dir? #176

Open younesisbabe opened 1 year ago

younesisbabe commented 1 year ago

I get this error when I’m trying to launch the tool. Many are saying that the problem exists in geckodriver or Firefox that’s why it doesn’t show up. Is there any way the developer could make it so it doesn’t automatically have to launch Firefox and serve the QR code on a webserver? Instead, maybe make the tool create the malformed QR code and outputs it in the users directory. User then can manually create a phishing page or whatever they want during social engineering stage. It’ll be up to them. Such an awesome tool. Would be a shame if everybody forgets about this tool

QrlJacker > use grabber/whatsapp

< Module(grabber/whatsapp) > run [+] Using the default useragent [+] Running a thread to keep the QR image [whatsapp] Exception in thread QR updater thread: Traceback (most recent call last): File "/usr/lib/python3.10/threading.py", line 1009, in _bootstrap_inner [+] Waiting for sessions on whatsapp [+] Running a thread to detect Idle once it happens then click the QR reload button [whatsapp] Exception in thread Idle detector thread: Traceback (most recent call last): File "/usr/lib/python3.10/threading.py", line 1009, in _bootstrap_inner [+] Initializing webserver... [whatsapp] Exception in thread Webserver manager thread: Traceback (most recent call last): File "/usr/lib/python3.10/threading.py", line 1009, in _bootstrap_inner

QrlJacker Module(grabber/whatsapp) > self.run() File "/usr/lib/python3.10/threading.py", line 946, in run self.run() File "/usr/lib/python3.10/threading.py", line 946, in run self.run() File "/usr/lib/python3.10/threading.py", line 946, in run self._target(*self._args, self._kwargs) File "/home/kali/QRLJacking/QRLJacker/core/browser.py", line 149, in check_img self._target(*self._args, *self._kwargs) File "/home/kali/QRLJacking/QRLJacker/core/browser.py", line 167, in serve_module self._target(self._args, self._kwargs) File "/home/kali/QRLJacking/QRLJacker/core/browser.py", line 133, in website_qr controller = self.browsers[module_name]["Controller"] KeyError: 'whatsapp' self.browsers[module_name]["host"] = "http://"+host KeyError: 'whatsapp' controller = self.browsers[module_name]["Controller"] KeyError: 'whatsapp'

Prisoner2-6-7 commented 1 year ago

I get this error when I’m trying to launch the tool. Many are saying that the problem exists in geckodriver or Firefox that’s why it doesn’t show up. Is there any way the developer could make it so it doesn’t automatically have to launch Firefox and serve the QR code on a webserver? Instead, maybe make the tool create the malformed QR code and outputs it in the users directory. User then can manually create a phishing page or whatever they want during social engineering stage. It’ll be up to them. Such an awesome tool. Would be a shame if everybody forgets about this tool

QrlJacker > use grabber/whatsapp

< Module(grabber/whatsapp) > run [+] Using the default useragent [+] Running a thread to keep the QR image [whatsapp] Exception in thread QR updater thread: Traceback (most recent call last): File "/usr/lib/python3.10/threading.py", line 1009, in _bootstrap_inner [+] Waiting for sessions on whatsapp [+] Running a thread to detect Idle once it happens then click the QR reload button [whatsapp] Exception in thread Idle detector thread: Traceback (most recent call last): File "/usr/lib/python3.10/threading.py", line 1009, in _bootstrap_inner [+] Initializing webserver... [whatsapp] Exception in thread Webserver manager thread: Traceback (most recent call last): File "/usr/lib/python3.10/threading.py", line 1009, in _bootstrap_inner

QrlJacker Module(grabber/whatsapp) > self.run() File "/usr/lib/python3.10/threading.py", line 946, in run self.run() File "/usr/lib/python3.10/threading.py", line 946, in run self.run() File "/usr/lib/python3.10/threading.py", line 946, in run self._target(*self._args, self._kwargs) File "/home/kali/QRLJacking/QRLJacker/core/browser.py", line 149, in check_img self._target(*self._args, *self._kwargs) File "/home/kali/QRLJacking/QRLJacker/core/browser.py", line 167, in serve_module self._target(self._args, self._kwargs) File "/home/kali/QRLJacking/QRLJacker/core/browser.py", line 133, in website_qr controller = self.browsers[module_name]["Controller"] KeyError: 'whatsapp' self.browsers[module_name]["host"] = "http://"+host KeyError: 'whatsapp' controller = self.browsers[module_name]["Controller"] KeyError: 'whatsapp'

I also facing the same error

badaboom9999 commented 1 year ago

Same issue . Any solutions?

afiqnazir commented 1 year ago

after "use grabber/whatsapp"

set host

set port

set useragent (default)