QRLJacking Requirements - KamalAwasthi/QRLJacking GitHub Wiki

QRLJacking Requirements

As we mentioned before one of the attack’s advantages relays in it’s simplicity, So all what the attackers need to do to initialize a successful QRLJacking attack is to write a script to regularly clone the expirable QR Codes and refresh the ones displayed on the phishing website which they created, because as we know a well implemented QR Login process should have an expiration interval for the QR codes (during our tests some services didn't have that).

So all what we need here is: Attacker (Script kiddie as a minimum required skills) + QR Code Refreshing Script (on the attacker side) + a well crafted phishing web page/script and a Victim.