web.whatsapp.com Hack Tutorial Step by Step Explanation (100% Working)

How to Hack WhatsApp Tutorial

Short Summary                  

Hello Friends! Today’s post is going to be quite interesting for you guyz because this time we are going to learn How to Hack WhatsApp by web.whatsapp.com hack & how to stay safe from this attack. Here I am using a tool, named QRLJacking for hijacking WhatsApp session & peform web.whatsapp.com hack.

QRLJacking (Quick Response Login Jacking) and it is a social engineering tool which means it works on our social engineering doing skills. You all must be aware of WhatsApp Web and its uses, i.e. you can run WhatsApp on your Computer as well. If  web.whatsapp.com hack is open then you can see live messages, current location and many more sensitive Information.

How QRLJacking tool works?

!! This tutorial is for Education Purpose Only !!    

Normally, whenever you scan the WhatsApp web QR code then mobile generates a secret authentication token and send it to the website. Then website does verify this secret token if this token is successfully verified by the website then your WhatsApp session is also open on the computer.

By using the QRLJacking tool it creates a Phishing page of the QR Code of the WhatsApp web and whenever victim scans this QR Code from his/her mobile phone then the generated authentication token is automatically sent to the attacker’s server. After getting Authentication token successfully then the attacker does verify it from the WhatsApp web website and then attacker sees all the messages of the victim.

Let’s see the Practical session :

So, firstly you must have to download this tool by clicking here. for your Kali Linux machine. You can also download it on your computer by typing

git clone https://github.com/OWASP/QRLJacking 

After downloading this tool on your Linux type

cd QRLJacking/

to go inside the QRLJacking folder then type

cd QrlJacking-Framework/

to go inside this folder. When you reach this folder just install your requirements.txt file by typing

pip install -r requirements.txt

After installing this requirements.txt file you need to type

python QrlJacker.py

to run this python script. Now, you can see here Framework is now open. So, for WhatsApp, we type

1

for selecting Chat Applications.

Then we also type

1

for selecting WhatsApp. Then type port Number on which you want to open this on your browser. So, I type here

8

and hit Enter

This will automatically open web.whatsapp.com on your browser and to see your phishing page. You all need to type your system IP to see this fake page on your browser.

You can see here your Phishing page is ready. Now, whenever your web.whatsapp.com QR Code changes than in your Phishing page it will automatically change. You can also do the modification on its index.html page and convert it similar to the web.whatsapp.com.

This depends upon the attacker’s skills that how similar page is created by him. Whenever victim scan this QR Code then in your web.whatsapp.com tab WhatsApp session will automatically open.

How to be Safe from this Attack?

• This is a Social Engineering Trick. Your Awareness is the only step by which you can save yourself from all these attacks.
• Check your WhatsApp web on your mobile phone. If you found any unidentified entry they then click on Log Out From all Computers. This will Log Out your WhatsApp web session everywhere in the world.

I hope you will like this tutorial a wants more then subscribe to our newsletter and you can also find some more interesting tutorials based on ethical hacking.