    Bypassing OTP Verification Methods

    By KRiPPto99 | October 31, 2022 | Updated: November 1, 2022

    Hey guys, it's KRiPPto99 back again. In today's blog I'm going to show you how anyone can bypass OTP and take over an account. You will also need Burp Suite.

    What is OTP?

    A one-time password, commonly called an OTP, is an auto-generated 3 to 6 digit numeric code that authenticates a user to their account. The OTP also acts as a more secure password, especially if the user's password is weak or reused.

    Description of Vulnerability:

    Let's suppose there is a site called example.com, and when you check out the site there are login and create-account options. Below are the steps showing how I bypassed OTP in my case.

    Before getting started, please learn the basics of Burp Suite.

    Let's get started then!

    Steps To Perform

    Method 1: OTP Bypass Leads To Account Takeover

    Step 1: Visit the site, choose to create an account, and fill in the details.

    Step 2: In the number field, enter your number and wait for the OTP. When the site asks for the OTP, enter any random number in the OTP field.

    Step 3: After entering the random OTP, intercept the request in Burp Suite.

    Step 4: When you get the request, select the "do intercept response" option, as in the image below.

    Step 5: Forward the request until you get the response shown in the image below. Once we have the response, we only need to make a small change.

    Step 6: Change the code from 1 to 0 and "invalid" to "valid otp", as shown in the image below.

    Step 7: Boom!! Boom!! Just like that, we bypassed the OTP, and this also leads to account takeover.

    Method 2: OTP Bypass by Brute-force

    This is another method I have come across. In this case I noticed the site used a 4-digit OTP, which gave me this idea.

    Step 1: Suppose there is a site called example.com. Enter the number and an OTP of your choice.

    Step 2: Use Burp Suite to intercept the request before clicking the submit button.

    Step 3: Forward the request until you see the OTP displayed in the request. Suppose 000 is our OTP; that OTP will appear there.

    Step 4: Send the request to Intruder, select the Sniper attack, clear all positions, and add $ around the OTP, for example $0000$, and in the

    Step 5: In the Positions tab, do what I did in the image below.

    Step 6: Press "Start attack". That's it!!! Boom!!!

    Step 7: Out of these combinations, we notice one that stands out as different, and that's the OTP.

    Method 3: OTP bypass through response manipulation

    Step 1: Take a target site called targetsite.com where we need to enter our number and wait for the OTP.

    Step 2: We are asked to enter the OTP; in my case it had to be 6 digits.

    Step 3: Enter any random 6 digits and intercept the request in Burp Suite before clicking.

    Step 4: In Burp Suite, forward the request until you see the one containing the OTP. Click on the request and choose Do intercept > Response to this request.

    Step 5: The response will contain an error. Change that error to success: fail to success, 0 to 1, and so on.

    Step 6: Forward the request, and success, here we go. Boom!!!!
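
    Methods 1 and 3 work only when the application takes the verification result from the response the browser receives, and Method 2 only when guesses are unlimited. The following is an added example (not code from the original post or from any real site) of a server-side OTP check that closes both: the outcome lives in server state, attempts are capped and codes expire. The function names, the limits of 5 attempts and 120 seconds, and the in-memory SESSIONS store are assumptions.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5   # assumed policy: wrong guesses allowed per challenge
OTP_TTL = 120      # assumed policy: lifetime of a code in seconds
SESSIONS = {}      # session_id -> OtpChallenge; stands in for a server-side store


class OtpChallenge:
    """Server-side state for one OTP challenge (hypothetical design)."""

    def __init__(self, now):
        self.code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, 6 digits
        self.expires = now + OTP_TTL
        self.attempts = 0
        self.verified = False

    def verify(self, submitted, now):
        # Refuse used, expired or locked challenges before comparing anything.
        if self.verified or now > self.expires or self.attempts >= MAX_ATTEMPTS:
            return False
        self.attempts += 1
        # Constant-time comparison of the submitted value with the stored code.
        self.verified = hmac.compare_digest(self.code.encode(), str(submitted).encode())
        return self.verified


def start_challenge(session_id, now=None):
    now = time.time() if now is None else now
    SESSIONS[session_id] = OtpChallenge(now)
    return SESSIONS[session_id].code  # delivered out of band (SMS), never in an HTTP response


def submit_otp(session_id, submitted, now=None):
    now = time.time() if now is None else now
    ch = SESSIONS.get(session_id)
    ok = ch is not None and ch.verify(submitted, now)
    # Response shape modelled on the post's description (code 1 / "invalid otp").
    return {"code": 0 if ok else 1, "message": "valid otp" if ok else "invalid otp"}


def complete_signup(session_id):
    # The decision reads server state only. Whatever JSON the browser was
    # shown (or was edited to show in a proxy) is never consulted here.
    ch = SESSIONS.get(session_id)
    if ch is None or not ch.verified:
        raise PermissionError("OTP not verified for this session")
    return "account created"
```

    With this design, rewriting the response in a proxy changes only what the client displays, and a 4-digit or 6-digit code cannot be enumerated because the challenge locks after the fifth wrong guess.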

     

     

     

    SEEYAA FOR TODAY GUYS HAPPY SAFE SEARCH!!!!!!!!!!!
