OWASP / QRLJacking

QRLJacking, or Quick Response Code Login Jacking, is a simple-but-nasty attack vector affecting all applications that rely on the “Login with QR code” feature as a secure way to log into accounts; it lets attackers hijack users' sessions.
GNU General Public License v3.0

Kali Linux Arm64/Aarch64 Support??? #213

Closed Gary-Cod closed 1 year ago

Gary-Cod commented 1 year ago

Just wondering if this project will get support to work on Linux Aarch/Arm64 ??

LucaReggiannini commented 1 year ago

Never tried on this architecture but there is a Geckodriver release for Aarch64 https://github.com/mozilla/geckodriver/releases/download/v0.33.0/geckodriver-v0.33.0-linux-aarch64.tar.gz

Is that what you are looking for?

Gary-Cod commented 1 year ago

OS: Parrot OS 5.3 (Electro Ara) aarch64

Python 3.9 --version

Geckodriver --version ("geckodriver-v0.33.0-linux-aarch64")


python3.9 QrlJacker.py --debug --verbose
QrlJacker > use grabber/whatsapp

QrlJacker Module(grabber/whatsapp) > run
[+] Using the default useragent
[+] Running a thread to keep the QR image [whatsapp]
[+] Waiting for sessions on whatsapp
[+] Running a thread to detect Idle once it happens then click the QR reload button [whatsapp]
[+] Initializing webserver... [whatsapp]

QrlJacker Module(grabber/whatsapp) > Exception in thread Webserver manager thread:
Traceback (most recent call last):
  File "/usr/lib/python3.9/threading.py", line 954, in _bootstrap_inner
    self.run()
  File "/usr/lib/python3.9/threading.py", line 892, in run
    self._target(*self._args, **self._kwargs)
  File "/home/parrot/Downloads/QRLJacking/QRLJacker/core/browser.py", line 198, in serve_module
    webserver.start_serving(host)
  File "/home/parrot/Downloads/QRLJacking/QRLJacker/core/module_utils.py", line 33, in start_serving
    self.httpd = ReusableTCPServer( (host, self.port), MyHandler)
  File "/usr/lib/python3.9/socketserver.py", line 452, in __init__
    self.server_bind()
  File "/usr/lib/python3.9/socketserver.py", line 466, in server_bind
    self.socket.bind(self.server_address)
PermissionError: [Errno 13] Permission denied

[!] KeyboardInterrupt use exit command!


Can you please help !!!

LucaReggiannini commented 1 year ago

I see a PermissionError: [Errno 13] Permission denied: did you try to set a port higher than 1024? You can do it with: set port 1234 before using the run command. As an alternative you can try to run the program as root with sudo python3.9 QrlJacker.py

Gary-Cod commented 1 year ago

Thanks for the quick reply !!!!

It works when I change the port to 1234, 8080 or 8888.

Alternative: running as root causes an issue (Firefox couldn't open)

QrlJacker Module(grabber/whatsapp) > jobs
[!] No active jobs.

QrlJacker Module(grabber/whatsapp) > set port 8888
[+] port => 8888

QrlJacker Module(grabber/whatsapp) > options

Name       Current value  Required  Description
port       8888           Yes       The local port to listen on.
host       0.0.0.0        Yes       The local host to listen on.
useragent  (default)      Yes       Make useragent is the (default) one, a (random) generated useragent or a specifed useragent

QrlJacker Module(grabber/whatsapp) > run
[+] Using the default useragent
[!] Couldn't open Firefox! Check the installation instructions again!

LucaReggiannini commented 1 year ago

Maybe on root user something is different (maybe the PATH variable). Apart from this, changing the port is making the tool work on Aarch64, is this right?

Gary-Cod commented 1 year ago

Yes. On Parrot OS 5.3 (Electro Ara) aarch64 ----> it's working perfectly. Thanks for your amazing work & help !!!