Evil Qr

Toolkit demonstrating another approach of a QRLJacking attack, allowing to perform remote account takeover, through sign-in QR code phishing.

It consists of a browser extension used by the attacker to extract the sign-in QR code and a server application, which retrieves the sign-in QR codes to display them on the hosted phishing pages.

Watch the demo video on Youtube https://www.youtube.com/watch?v=8pfodWzqMcU

Read more about it on my blog: https://breakdev.org/evilqr-phishing

Download

LogoGitHub - kgretzky/evilqr: Proof-of-concept to demonstrate dynamic QR swap phishing attacks in practice.GitHub
PreviousEvil no vnc phishingNextEvilginx 3.0

Last updated