THIS IS AN ADVANCED TUTORIAL WHERE YOU WILL GAIN COMPLETE ACCESS OF THE
WHATSAPP ACCOUNT OF YOUR VICTIM OR FRIEND. NO DOWNLOADABLE TOOLS OR EXTRA
MALWARE FILES NEEDED. This is an advanced guide so little knowledge on how the
method works and Linux is needed. I explained it step-by-step anyway. :)
DO NOT LEECH OR YOU WILL BE REPORTED FOR SURE.
INTRODUCTION
WhatsApp has become an important part of billions of people’s life. Many of us
woke up or go to bed, by checking our WhatsApp messages. Some of us are always
curious to know to check WhatsApp of our friends. Girlfriends want to check
on boyfriends and boyfriends want to check on girlfriends. Today Ethical Hack-
ing researcher from International Institute of Cyber Security will demonstrate
on How to Hack WhatsApp of your Friend by sending a Single Link.
We will use a tool called Ohmyqr which is a social engineering tool. Using this
OhMyQR Tool, we can hijack anyone’s WhatsApp account using the Malicious QR
code. We will send Victim a URL using social engineering techniques and when
the victim opens that URL he/she will receive a malicious WhatsApp malicious
QR code on his/her machine. This QR code is a replica of what you normally see
when you use WhatsApp web. On scanning QR code, hackers will be able to ses-
sion hijack victims WhatsApp account.
ENVIRONMENT
O S: Kali Linux 2019.3 64 bit
Kernel-Version : 5.2.0
INSTALLATION STEPS
Use this command to clone the project.
Code:
git clone https://github.com/thelinuxchoice/ohmyqr
root@kali:/home/iicybersecurity# git clone
https://github.com/thelinuxchoice/ohmyqr
Cloning into 'ohmyqr'…
remote: Enumerating objects: 23, done.
remote: Total 23 (delta 0), reused 0 (delta 0), pack-reused 23
Receiving objects: 100% (23/23), 20.95 KiB | 437.00 KiB/s, done.
Resolving deltas: 100% (8/8), done.
Use the cd command to enter into ohmyqr directory
When we tried to launch the tool, we got an error for not in-
stalling the required packages for the tool as shown below.
Use this command bash ohmyqr.sh.
OhMyQR – Scrot Missing Package
For this we used this command to install missing scrot package.
sudo apt-get install scrot
DESIGNED BY :-
Code:
root@kali:/home/iicybersecurity/ohmyqr# sudo apt-get install
scrot
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
giblib1 libid3tag0 libimlib2
The following NEW packages will be installed:
giblib1 libid3tag0 libimlib2 scrot
0 upgraded, 4 newly installed, 0 to remove and 1564 not upgraded.
Need to get 293 kB of archives.
After this operation, 1,011 kB of additional disk space will be used.
========================================================================
========================================SNIP===========================
========================================================================
==========
Selecting previously unselected package scrot.
Preparing to unpack .../archives/scrot_1.3-1_amd64.deb ...
Unpacking scrot (1.3-1) ...
Setting up libid3tag0:amd64 (0.15.1b-14) ...
Setting up libimlib2:amd64 (1.6.1-2) ...
Setting up giblib1:amd64 (1.2.4-12) ...
Setting up scrot (1.3-1) ...
Processing triggers for man-db (2.8.6.1-1) ...
Processing triggers for libc-bin (2.30-4) ...
Scanning processes...
Scanning linux images...
Code:
sudo apt-get install xdotool
root@kali:/home/iicybersecurity/ohmyqr# sudo apt-get in-
stall xdotool
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
libxdo3
The following NEW packages will be installed:
libxdo3 xdotool
=====================================================================
=========================================SNIP========================
=====================================================================
==================
Setting up libxdo3:amd64 (1:3.20160805.1-4) ...
Setting up xdotool (1:3.20160805.1-4) ...
Processing triggers for man-db (2.8.6.1-1) ...
Processing triggers for libc-bin (2.30-4) ...
Scanning processes...
Scanning linux images..
Now, use the same command to launch
In the same way we got another error for missing
package while launching the tool..
OhMyQR – xdotool Missing Package
For this we used this command to install xdotool
package.
Now, use the same command to launch the tool bash ohmyqr.sh
OhMyQR – Tool Launch
We successfully launched the tool.
Now, choose option 1 to launch the Ngrok server.
Select website to mirror or press enter for default WhatApp
and it will starts PHP and Ngrok server and then it generates
malicious Link (ngrok link).
Then press enters to start the Web WhatsApp on hackers ma-
chine.
It will launch web.whatsapp.com on FireFox browser in Full
screen mode on Hacker machine.
Now send malicious Link (ngrok link) to the victim using social
engineering techniques
.png)
.jpeg)
.png)
.jpeg)
