this is the problem
$python QrlJacker.py
Traceback (most recent call last):
File "QrlJacker.py", line 4, in
from core import Cli,utils,Settings,db
File "/root/QRLJacking/QRLJacker/core/Cli.py", line 288
status(f"Starting interaction with ({cmd.i})...")
^

when I put this commande sudo pip install -r requirements.txt

the installation will stop with this information…
matplotlib 1.3.1 requires nose, which is not installed.
matplotlib 1.3.1 requires tornado, which is not installed.

can you help me?
thanks

Cloning the latest version. This is what I get when I run.

python3 QrlJacker.py --help
Traceback (most recent call last):
  File "QrlJacker.py", line 4, in <module>
    from core import Cli,utils,Settings,db
  File "/home/fahad/Documents/QRLJacking/QRLJacker/core/Cli.py", line 288
    status(f"Starting interaction with ({cmd.i})...")
                                                   ^
SyntaxError: invalid syntax

i can't install the QRLJacking, every time i tried to install it i get requeriments.txt erro

root@kali:~/QRLJacking/QRLJacker# python3 QrlJacker.py
Traceback (most recent call last):
File "QrlJacker.py", line 4, in
from core import Cli,utils,Settings,db
File "/root/QRLJacking/QRLJacker/core/Cli.py", line 4, in
import os,sys,time,random,traceback,json,argparse,readline
ModuleNotFoundError: No module named 'readline'

Hi Please I need help

The other machine is in a Caribbean Island with bad internet and in getting, time out connection
and ERR_CONECTION_TIMED_OUT

What can I do

The current version of QRLJacker.py basically performs a single targeted attack , which cause some limitations to be present on the Social Engineering phishing attack vector .

try:
            img = driver.find_elements_by_tag_name('img')[0]
            src = img.get_attribute('src').replace("data:image/png;base64,","")
            print " [*] QR code image detected !"
            print " [*] Downloading the image..."
            binary_data = a2b_base64(src)
            qr = open("tmp.png","wb")
            qr.write(binary_data)
            print " [*] Saved To tmp.png"
            qr.close()
            time.sleep(5)
            continue
        except:
            break

It breaks after the QR code has been scanned by the victim as there's no img on the current session anymore .

Would be more reliable if , instead of breaking , the code returns to a specific function that starts a new session with a new QR code and continues updating the tmp.png with the new QR code to re-setup the trap for more potential victims . That's more reliable for a massive phishing attack vector .

Starting different newer sessions on the same browser could be a tough job though , I think you'll need to code some of the techniques used in MultiFox and Session Buddy inside the framework , maybe you'll ask the user to install those on his browser if he wants to use this attack vector , and then try to access their features using your python code .

Anyways , the massive random attack vector shouldn't be the default attack vector though , it would be more convenient if you prompt the user to choose between the Single targeted attack and the Massive random attack .

QrlJacker Module(grabber/whatsapp) > run
[+] Using the default useragent
[+] Running a thread to keep the QR image [whatsapp]
[+] Waiting for sessions on whatsapp
[+] Running a thread to detect Idle once it happens then click the QR reload button [whatsapp]
[+] Initializing webserver... [whatsapp]

QrlJacker Module(grabber/whatsapp) > Exception in thread QR updater thread:
Traceback (most recent call last):
File "/usr/lib/python3.6/threading.py", line 916, in _bootstrap_inner
self.run()
File "/usr/lib/python3.6/threading.py", line 864, in run
self._target(*self._args, **self._kwargs)
File "/root/Desktop/QRLJacking/QRLJacker/core/browser.py", line 107, in website_qr
controller = self.browsers[module_name]["Controller"]
KeyError: 'whatsapp'

Exception in thread Idle detector thread:
Traceback (most recent call last):
File "/usr/lib/python3.6/threading.py", line 916, in _bootstrap_inner
self.run()
File "/usr/lib/python3.6/threading.py", line 864, in run
self._target(*self._args, **self._kwargs)
File "/root/Desktop/QRLJacking/QRLJacker/core/browser.py", line 120, in check_img
controller = self.browsers[module_name]["Controller"]
KeyError: 'whatsapp'

Exception in thread Webserver manager thread:
Traceback (most recent call last):
File "/usr/lib/python3.6/threading.py", line 916, in _bootstrap_inner
self.run()
File "/usr/lib/python3.6/threading.py", line 864, in run
self._target(*self._args, **self._kwargs)
File "/root/Desktop/QRLJacking/QRLJacker/core/browser.py", line 135, in serve_module
self.browsers[module_name]["host"] = "http://"+host
KeyError: 'whatsapp'

python QRLJacker.py
[] Error Importing Exterinal Libraries
[] Trying install it using the requirements.txt file..

Requirement already satisfied: requests>=2.11.1 in /usr/lib/python2.7/dist-packages (from -r requirements.txt (line 1))
Requirement already satisfied: Pillow>=3.3.1 in /usr/lib/python2.7/dist-packages (from -r requirements.txt (line 2))
Requirement already satisfied: selenium==3.14.1 in /usr/local/lib/python2.7/dist-packages (from -r requirements.txt (line 3))
Requirement already satisfied: configparser>=3.5.0 in /usr/local/lib/python2.7/dist-packages (from -r requirements.txt (line 4))
Requirement already satisfied: urllib3 in /usr/lib/python2.7/dist-packages (from selenium==3.14.1->-r requirements.txt (line 3))
Traceback (most recent call last):
File "QRLJacker.py", line 36, in
settings = configparser.ConfigParser()
NameError: name 'configparser' is not defined

If you're a good English speaker you can go through our Wiki and look for typos and grammar mistakes.

after typing python3.7 -m pip install -r requirements.txt ,
they said /usr/bin/python3.7: no module named pip

Unless I'm missing something the SQRL documentation specifically mentions this type of attack and mitigates it in a proper implementation: https://www.grc.com/sqrl/phishing.htm

If QRL Jacking can be install in termux android. Wow amazing.
Cantik you help

Exception in thread Webserver manager thread:
Traceback (most recent call last):
File "/usr/lib/python3.7/threading.py", line 917, in _bootstrap_inner
self.run()
File "/usr/lib/python3.7/threading.py", line 865, in run
self._target(*self._args, **self._kwargs)
File "/home/kali/Desktop/QRLJacking/QRLJacker/core/browser.py", line 150, in serve_module
self.browsers[module_name]["host"] = "http://"+host
KeyError: 'whatsapp'

Exception in thread QR updater thread:
Traceback (most recent call last):
File "/usr/lib/python3.7/threading.py", line 917, in _bootstrap_inner
self.run()
File "/usr/lib/python3.7/threading.py", line 865, in run
self._target(*self._args, **self._kwargs)
File "/home/kali/Desktop/QRLJacking/QRLJacker/core/browser.py", line 116, in website_qr
controller = self.browsers[module_name]["Controller"]
KeyError: 'whatsapp'

Exception in thread Idle detector thread:
Traceback (most recent call last):
File "/usr/lib/python3.7/threading.py", line 917, in _bootstrap_inner
self.run()
File "/usr/lib/python3.7/threading.py", line 865, in run
self._target(*self._args, **self._kwargs)
File "/home/kali/Desktop/QRLJacking/QRLJacker/core/browser.py", line 132, in check_img
controller = self.browsers[module_name]["Controller"]
KeyError: 'whatsapp'

Hi I’m new in this site and I have a problem with qrljacking !!!

I installed qrljacking in kali linux 2018.4 but I have observed if I haven’t a qrl-framework for lounch the qrljacking mode!!!

When I type: Python QRLJacking.py
It don’t open nothing and give me SYNTAX ERROR

In kali Linux I have Python 2.7

Where is the problems , please help me!!!!

which python version is suitable for QRLJacking tool?

python QrlJacker.py
Traceback (most recent call last):
File "QrlJacker.py", line 4, in
from core import Cli,utils,Settings,db
File "/root/QRLJacking/QRLJacker/core/Cli.py", line 288
status(f"Starting interaction with ({cmd.i})...")
^
SyntaxError: invalid syntax

This comes and yes I did ' pip install -r requirements.txt '
Some help pls thx

File "QrlJacker.py", line 4, in
from core import Cli,utils,Settings,db
File "/root/Desktop/QRLJacking/QRLJacker/core/Cli.py", line 5, in
from core import utils,db,module,Settings,browser
File "/root/Desktop/QRLJacking/QRLJacker/core/utils.py", line 5, in
from terminaltables import AsciiTable as table
ModuleNotFoundError: No module named 'terminaltables'

WhatsAppQRJackingModule.js how to add this to greasemonkey?

in the browser there is no qrcode image. only text info ..

Name Current value Required Description
port 1338 Yes The local port to listen on.
host 0.0.0.0 Yes The local host to listen on.
useragent (default) Yes Make useragent is the (default) one, a (random) generated useragent or a specifed useragent

QrlJacker Module(grabber/whatsapp) > run
[+] Using the default useragent
[+] Running a thread to keep the QR image [whatsapp]
[+] Waiting for sessions on whatsapp
[+] Running a thread to detect Idle once it happens then click the QR reload button [whatsapp]
[+] Initializing webserver... [whatsapp]

QrlJacker Module(grabber/whatsapp) >
[+] Got session on whatsapp module
[+] Session saved successfully

[+] Got session on whatsapp module
[+] Session saved successfully

[+] Got session on whatsapp module
[+] Session saved successfully

ALL the youtube videos and online tutorials use old versions. How can i learn with the new version

oot@kali:~/QRLJacking/QrlJacking-Framework# python QRLJacker.py
[] Error Importing Exterinal Libraries
[] Trying install it using the requirements.txt file..

Requirement already satisfied: requests>=2.11.1 in /usr/lib/python2.7/dist-packages (from -r requirements.txt (line 1)) (2.18.4)
Requirement already satisfied: Pillow>=3.3.1 in /usr/lib/python2.7/dist-packages (from -r requirements.txt (line 2)) (5.2.0)
Requirement already satisfied: selenium==3.14.1 in /usr/local/lib/python2.7/dist-packages (from -r requirements.txt (line 3)) (3.14.1)
Requirement already satisfied: configparser>=3.5.0 in /usr/local/lib/python2.7/dist-packages (from -r requirements.txt (line 4)) (3.5.1)
Requirement already satisfied: urllib3 in /usr/lib/python2.7/dist-packages (from selenium==3.14.1->-r requirements.txt (line 3)) (1.22)
Traceback (most recent call last):
File "QRLJacker.py", line 36, in
settings = configparser.ConfigParser()
NameError: name 'configparser' is not defined

Dear contributors,

Found that the latest build throwing the follow error, tested on Kali Linux 2016.2 & Ubuntu 16.04

[*] Starting victim session on http://localhost:1337
Error:
Can not call any WebBrowsers
Check your Installed Browsers!

`Hello
I'm very new to kali linux I cloned QRljacking to Desktop ,but when I try to change the direction to (QrlJacking-Framework) is dosent mention in the list ,If anyone know how to manege this issue ,please help me

idk how to fix it pls help and yes i installed readline dont say it it dont work

[+] Using the default useragent
[+] Running a thread to keep the QR image [whatsapp]
Exception in thread QR updater thread:
Traceback (most recent call last):
File "/usr/lib/python3.7/threading.py", line 917, in _bootstrap_inner
self.run()
File "/usr/lib/python3.7/threading.py", line 865, in run
self._target(*self._args, **self._kwargs)
File "/root/QRLJacking/QRLJacker/core/browser.py", line 116, in website_qr
controller = self.browsers[module_name]["Controller"]
KeyError: 'whatsapp'

[+] Waiting for sessions on whatsapp
[+] Running a thread to detect Idle once it happens then click the QR reload button [whatsapp]
Exception in thread Idle detector thread:
Traceback (most recent call last):
File "/usr/lib/python3.7/threading.py", line 917, in _bootstrap_inner
self.run()
File "/usr/lib/python3.7/threading.py", line 865, in run
self._target(*self._args, **self._kwargs)
File "/root/QRLJacking/QRLJacker/core/browser.py", line 132, in check_img
controller = self.browsers[module_name]["Controller"]
KeyError: 'whatsapp'

[+] Initializing webserver... [whatsapp]

QrlJacker Module(grabber/whatsapp) > Exception in thread Webserver manager thread:
Traceback (most recent call last):
File "/usr/lib/python3.7/threading.py", line 917, in _bootstrap_inner
self.run()
File "/usr/lib/python3.7/threading.py", line 865, in run
self._target(*self._args, **self._kwargs)
File "/root/QRLJacking/QRLJacker/core/browser.py", line 150, in serve_module
self.browsers[module_name]["host"] = "http://"+host
KeyError: 'whatsapp'

QRLJacking-Framework Readme.md
Check for typos and grammar mistakes.
Also try to see if the Getting-Started steps are clear enough.

Hey, Could you help me? I have only Whats up module. How can I install module for WeChat? Thanks

Hi.

Just experienced a weird behavior with QrlJacker.

Observed result : when running the "run" command with some custom useragents, QrlJacker get sessions repeatedly without any real triggering. When running sessions on firefox, we just get web.whatsapp.com home page.

QrlJacker Module(grabber/whatsapp) > run
[+] Using useragent Mozilla/5.0 (Android 6.0; Mobile; rv:61.0) Gecko/61.0 Firefox/61.0
[+] Running a thread to keep the QR image  [whatsapp]
[+] Waiting for sessions on whatsapp
[+] Running a thread to detect Idle once it happens then click the QR reload button [whatsapp]
[+] Initializing webserver... [whatsapp]

[+] Got session on whatsapp module
[+] Session saved successfully

QrlJacker Module(grabber/whatsapp) > 
[+] Got session on whatsapp module
[+] Session saved successfully

[+] Got session on whatsapp module
[+] Session saved successfully

[+] Got session on whatsapp module
[+] Session saved successfully

[+] Got session on whatsapp module
[+] Session saved successfully

[+] Got session on whatsapp module
[+] Session saved successfully

[+] Got session on whatsapp module
[+] Session saved successfully

[+] Got session on whatsapp module
[+] Session saved successfully

[+] Got session on whatsapp module
[+] Session saved successfully

[+] Got session on whatsapp module
[+] Session saved successfully

[+] Got session on whatsapp module
[+] Session saved successfully

[+] Got session on whatsapp module
[+] Session saved successfully

Step to reproduce the bug : set this custom useragent before running : Mozilla/5.0 (Android 6.0; Mobile; rv:61.0) Gecko/61.0 Firefox/61.0

QrlJacker > use grabber/whatsapp

QrlJacker Module(grabber/whatsapp) > set port 1337
[+] port => 1337

QrlJacker Module(grabber/whatsapp) > set useragent 'Mozilla/5.0 (Android 6.0; Mobile; rv:61.0) Gecko/61.0 Firefox/61.0'
[+] useragent => Mozilla/5.0 (Android 6.0; Mobile; rv:61.0) Gecko/61.0 Firefox/61.0

QrlJacker Module(grabber/whatsapp) > run

Note that this issue seems to be due only to some custom useragent. This useragent for instance don't cause any issue : Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0

Traceback (most recent call last):
File "QrlJacker.py", line 4, in
from core import Cli,utils,Settings,db
File "/root/QRLJacking/QRLJacker/core/Cli.py", line 288
status(f"Starting interaction with ({cmd.i})...")
^
SyntaxError: invalid syntax

The Script QRLJacker.py needs to be refactored and tested.

I get this error when i try to run the program:

root@kali:~/QRLJacking/QRLJacker# python QrlJacker.py
Traceback (most recent call last):
File "QrlJacker.py", line 4, in
from core import Cli,utils,Settings,db
File "/root/QRLJacking/QRLJacker/core/Cli.py", line 5, in
from core import utils,db,module,Settings,browser
File "/root/QRLJacking/QRLJacker/core/utils.py", line 5, in
from terminaltables import AsciiTable as table
ModuleNotFoundError: No module named 'terminaltables'

I'm using python 3.7 as you can see here:

root@kali:~/QRLJacking/QRLJacker# python
Python 3.7.3rc1 (default, Mar 13 2019, 11:01:15)
[GCC 8.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.

[3]+ Stopped /usr/bin/python3.7

the phishing page loading but QRcode not loading on target firefox

I've installed all requirements, it seems like some sort of version conflict between various python versions but i am not able to understand the exact cause, I even tried installing chromium web driver instead of selenium but neither of them would work. any solutions?

I could not find any logs in this script which I could refer.
---------------------error---------------------
[*] Starting victim session on http://localhost:1337
Error:
Can not call any WebBrowsers
Check your Installed Browsers!

--------------things tried----------------
python -m pip install selenium (firefox)
pip install chromedriver

--------------system_details---------
OS: kali linux
Kernel: x86_64 Linux 4.14.0-kali3-amd64

I tried to use a remote server (altervista) uploading qrhandler.php and phishing.html and setting Greasemonkey but it doesn't work for me....
Below pictures... Can you help me?
p.s server doesn't have SSL is maybe due to this?
Thank You

Video demonstration:

Pictures:

root@kali:~/Desktop/app/QRLJacking/QRLJacker# python3 QrlJacker.py
Traceback (most recent call last):
File "QrlJacker.py", line 4, in
from core import Cli,utils,Settings,db
File "/root/Desktop/app/QRLJacking/QRLJacker/core/Cli.py", line 4, in
import os,sys,time,random,traceback,json,argparse,readline
ModuleNotFoundError: No module named 'readline'

Can anyone help me please?

OS name: Kali GNU/Linux Rolling
OS type: 64-bit
Version: Version 3.30.2
Python Version: 3.7
FireFox Version: 60.4.0esr (64-bit)

The whole installation process appeared to be correct since I followed the instructions from this link: https://github.com/OWASP/QRLJacking/tree/master/QRLJacker

Then to run the attack i wrote down these codes and appeared to have some errors when i write the "run" command after setting the port as you can see here:

<Module(grabber/whatsapp) > set port 1337
[+] port => 1337

<Module(grabber/whatsapp) > run
[+] Using the default useragent
[+] Running a thread to keep the QR image [whatsapp]
[+] Waiting for sessions on whatsapp
[+] Running a thread to detect Idle once it happens then click the QR reload button [whatsapp]
[+] Initializing webserver... [whatsapp]

QrlJacker Module(grabber/whatsapp) > Exception in thread Webserver manager thread:
Traceback (most recent call last):
File "/usr/lib/python3.7/threading.py", line 917, in _bootstrap_inner
self.run()
File "/usr/lib/python3.7/threading.py", line 865, in run
self._target(*self._args, **self._kwargs)
File "/root/QRLJacking/QRLJacker/core/browser.py", line 135, in serve_module
self.browsers[module_name]["host"] = "http://"+host
KeyError: 'whatsapp'

Exception in thread QR updater thread:
Traceback (most recent call last):
File "/usr/lib/python3.7/threading.py", line 917, in _bootstrap_inner
self.run()
File "/usr/lib/python3.7/threading.py", line 865, in run
self._target(*self._args, **self._kwargs)
File "/root/QRLJacking/QRLJacker/core/browser.py", line 107, in website_qr
controller = self.browsers[module_name]["Controller"]
KeyError: 'whatsapp'

Exception in thread Idle detector thread:
Traceback (most recent call last):
File "/usr/lib/python3.7/threading.py", line 917, in _bootstrap_inner
self.run()
File "/usr/lib/python3.7/threading.py", line 865, in run
self._target(*self._args, **self._kwargs)
File "/root/QRLJacking/QRLJacker/core/browser.py", line 120, in check_img
controller = self.browsers[module_name]["Controller"]
KeyError: 'whatsapp'

I have to manually exit because nothing appears after that (using CTRL+C)

I tried rerunning "run" and got this message:
[+] Using the default useragent
[!] Couldn't open Firefox! Check the installation instructions again!

I don't know what's wrong with my firefox tho...
Any kind of help would be very much appreciated!

it only has whatsapp module, and the command run doesnt work

root@kali:~/Desktop/QRLJacking/QRLJacker# python3 QrlJacker.py --help
[!] The framework is designed to work only on python 3.7 or above!
[!] You are using version 3.6.8

root@kali:~/Desktop/QRLJacking/QRLJacker# python3.7 -V
Python 3.7.3

root@kali:~/Desktop/QRLJacking/QRLJacker# python3.7 QrlJacker.py --help
Traceback (most recent call last):
File "QrlJacker.py", line 4, in
from core import Cli,utils,Settings,db
File "/root/Desktop/QRLJacking/QRLJacker/core/Cli.py", line 4, in
import os,sys,time,random,traceback,json,argparse,readline
ModuleNotFoundError: No module named 'readline'

Trackback ->
Exception in thread QR updater thread:
Traceback (most recent call last):
File "/data/data/com.termux/files/usr/lib/python3.7/threading.py", line 926, in _bootstrap_inner
self.run()
File "/data/data/com.termux/files/usr/lib/python3.7/threading.py", line 870, in run
self._target(*self._args, **self.kwargs)
File "/data/data/com.termux/files/home/OWASP-QRLJacking-_2019-04-09_09-40-26/QRLJacker/core/browser.py", line 107, in website_qr
controller = self.browsers[module_name]["Controller"]
KeyError: 'whatsapp'

Using python3.7
Using firefox66
Installed QRLJacker using the installation guide

When i run after setting port 1337 i get this error (debug mode and report mode enabled)

<Module(grabber/whatsapp) > run
[+] Using the default useragent
Exception: Message: Unable to find a matching set of capabilities

Trackback:
Exception -> name 'traceback' is not defined
Input -> run
Trackback ->
Traceback (most recent call last):
File "/root/QRLJacking/QRLJacker/core/browser.py", line 61, in new_session
new_headless[module_name]["Controller"] = Firefox(profile)#options=self.opts) # Inserting the browser object
File "/usr/local/lib/python3.7/dist-packages/selenium/webdriver/firefox/webdriver.py", line 174, in init
keep_alive=True)
File "/usr/local/lib/python3.7/dist-packages/selenium/webdriver/remote/webdriver.py", line 157, in init
self.start_session(capabilities, browser_profile)
File "/usr/local/lib/python3.7/dist-packages/selenium/webdriver/remote/webdriver.py", line 252, in start_session
response = self.execute(Command.NEW_SESSION, parameters)
File "/usr/local/lib/python3.7/dist-packages/selenium/webdriver/remote/webdriver.py", line 321, in execute
self.error_handler.check_response(response)
File "/usr/local/lib/python3.7/dist-packages/selenium/webdriver/remote/errorhandler.py", line 242, in check_response
raise exception_class(message, screen, stacktrace)
selenium.common.exceptions.SessionNotCreatedException: Message: Unable to find a matching set of capabilities

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/root/QRLJacking/QRLJacker/core/module.py", line 55, in handle
handler(args)
File "/root/QRLJacking/QRLJacker/core/module.py", line 139, in command_run
current_browser = Settings.headless_browser.new_session(exec_info.name, exec_info.url, global_options["useragent"][2])
File "/root/QRLJacking/QRLJacker/core/browser.py", line 68, in new_session
traceback.print_exc()
NameError: name 'traceback' is not defined
[!] run is not recognized as an internal command !
[+] Maybe you meant : , runreload, refresh, resource
[+] Type help or ? to learn more..

root@kali:~/Desktop/QRLJacking-master/QRLJacker# python QrlJacker.py
Traceback (most recent call last):
File "QrlJacker.py", line 4, in
from core import Cli,utils,Settings,db
File "/root/Desktop/QRLJacking-master/QRLJacker/core/Cli.py", line 288
status(f"Starting interaction with ({cmd.i})...")
^
SyntaxError: invalid syntax

os.system() has been deprecated since Python 2.6 in favor of the subprocess module.

Use subprocess with shell=False. It will protect you against most of the risk associated with piping commands.

Hello friends

so first of all i would like to tell my thx to the developer. GREAT JOB ;)

But i have question when I got the connection how can I got it permanently. In another video the Youtuber show copy an code in secrets.txt file and after that if i would like to connect i copy this code and paste it to the https://www.web.whatsapp.com/ in inspect elements console. How can I make this with QRLJacking.

thx for all answers ;)

[*] Starting victim session on http://localhost:1337
Error:
Can not call any WebBrowsers
Check your Installed Browsers!

Using Windows 10, went through the link #12 but still face the error.

Hi! I use QRL-jacking framework and get the error: when the script opens a new window of Firefox and follows to https://web.whatsapp.com/, the QR-code can't download. The browser says: you use an incompatible Web driver. But when I open the same page on my main window of Firefox, the QR-code is presented.
I use Firefox 52.3.0 (64 bit) and selenium==2.53.1. I tried to use other selenium versions, but I did't get the profit. What should I do?