Hey guys, it's KRiPPto99 back again. In today's blog I'm going to show you how anyone can bypass OTP and take over an account. You will also need Burp Suite.
What is OTP?
A one-time password, commonly called an OTP, is an auto-generated 3 to 6 digit numeric code that authenticates a user to their account. The OTP also acts as a more secure password, especially if the user's password is weak or reused.
Description of Vulnerability:
Let's suppose there is a site called example.com. When you check out the site, there will be login and create-account options. Below are the steps showing how I bypassed OTP in my case.
Before getting started, please learn the basics of Burp Suite.
Let's get started then!!!!!!!!!!!
Steps To Perform
Method 1: OTP Bypass Leads To Account Takeover
Step 1: Visit the site, choose to create an account and fill in the details.
Step 2: For the number, fill in your number and wait for the OTP. When it asks you to fill in the OTP, enter any random number in the OTP field.
Step 3: After entering a random OTP, intercept the request in Burp Suite.
Step 4: When you get the request, look for and select Do intercept > Response to this request, as in the image below.
Step 5: Forward the request until you get the response shown in the image below. Once we have the response, we only need to make a small change.
Step 6: Now change code 1 to 0 and invalid to valid otp, as shown in the image below.
Step 7: Boom!! Boom!! Just like that, we bypassed the OTP, and this also leads to account takeover.
Method 2: OTP Bypass by Brute-force
This is another method that I came across. In this case I noticed there was a 4-digit OTP, which gave me this idea.
Step 1: Suppose there is a site called example.com. Enter the number and an OTP of your choice.
Step 2: Use Burp Suite and intercept the request before clicking the submit button.
Step 3: Forward the request until you notice the OTP displayed in the request. Suppose 000 is our OTP, then that OTP will be there.
Step 4: Send the request to Intruder, select the Sniper attack, clear all positions and add $ around the OTP, for example $0000$ and in the
Step 5: In the Positions tab, do what I did in the image below.
Step 6: Press Start attack, that's it!!! Boom!!!!!!!
Step 7: We notice that out of these combinations one stands out as different, and that's the OTP.
Method 3: OTP Bypass Through Response Manipulation
Step 1: Let's take a target site called targetsite.com, where we need to enter our number and wait for it.
Step 2: We are asked to enter the OTP; in my case the OTP has to be 6 digits.
Step 3: Enter any random 6 digits and intercept the request in Burp Suite before clicking.
Step 4: In Burp Suite, forward the request until you see the OTP, then click on the request and choose Do intercept > Response to this request.
Step 5: In the response we come across an error. Try to change that error to success; that is the manipulation we need to do: fail to success, 0 to 1, and so on.
Step 6: Forward the request, and success, here we go. Boom!!!!
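Added example (not from the original post or any real site), showing the server-side fix for all three methods. Editing the response does nothing when the "verified" state lives only on the server (Methods 1 and 3), and guessing fails when attempts are capped and codes expire (Method 2). The class name, limits and phone number are assumptions made for illustration.

```python
import hmac, secrets, time

MAX_ATTEMPTS = 5      # assumed limit: wrong guesses allowed per issued code
TTL_SECONDS = 300     # assumed lifetime of a code

class OtpService:
    """Hypothetical server-side OTP store; all names are illustrative."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}      # phone -> [code, expires_at, failed_attempts]
        self._verified = set()  # phones that passed verification (server state)

    def issue(self, phone):
        code = f"{secrets.randbelow(10**6):06d}"   # 6 digits from a CSPRNG
        self._pending[phone] = [code, self._clock() + TTL_SECONDS, 0]
        self._verified.discard(phone)
        return code  # goes out by SMS only, never in an HTTP request or response

    def verify(self, phone, submitted):
        entry = self._pending.get(phone)
        if entry is None:
            return False
        code, expires_at, failed = entry
        if self._clock() > expires_at or failed >= MAX_ATTEMPTS:
            del self._pending[phone]   # expired or locked: a new code is required
            return False
        if not hmac.compare_digest(code.encode(), str(submitted).encode()):
            entry[2] += 1              # count the wrong guess
            return False
        del self._pending[phone]       # single use
        self._verified.add(phone)
        return True

    def complete_signup(self, phone):
        # The decision uses server state, not a flag sent by the client or a
        # response body the client may have edited in a proxy.
        if phone not in self._verified:
            raise PermissionError("phone number not verified")
        self._verified.discard(phone)
        return {"phone": phone, "status": "created"}

if __name__ == "__main__":
    svc = OtpService()
    sent = svc.issue("+10000000000")   # constructed sample number
    print(svc.verify("+10000000000", "not-it"), svc.verify("+10000000000", sent))
```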
SEEYAA FOR TODAY GUYS HAPPY SAFE SEARCH!!!!!!!!!!!