2FA / OTP

https://xmind.ai/share/ph6inJpw

Methods

2FA BypassSecurity Cipher

Bug-Bounty-Methodology/2FA.md at main · tuhin1729/Bug-Bounty-MethodologyGitHub

Session Manipulation

Response:

Set-Cookie: SESSID=QlZOWEY3MTIzNDcyNA==

Decoded Cookie:

BVNXF71234724

Craft a session cookie to bypass OTP

OTP Bypass through Session ManipulationMedium

Bruteforce OTP with Turbo Intruder

Bypassed the OTP verification process using “Turbo Intruder” Extension.Medium

wfuzz -d '{"email":"hacker@email.com", "otp":"FUZZ","password":"NewPassword1"}' -H 'Content-Type: application/json' -z file,/usr/share/wordlists/SecLists-master/Fuzzing/4-digits-0000-9999.txt -u http://crapi.apisec.ai/identity/api/auth/v2/check-otp --hc 500

Reset Password

• In account 1, go to the "Forgot Password" field and enter the email address to reset the password. Once done, an OTP (One-Time Password) will be generated and sent to the email.

• Enter the correct OTP and copy the response.

• Now, in account 2, enter the victim's email address and click "Forgot Password". The OTP will be sent to the victim's email (account 2).

• Then, enter a random OTP, for example 1111 (a random OTP, knowing that OTPs can vary between 4 and 6 digits).

• Intercept the request sent to the server.

• Modify the response of this request and replace the random OTP with the correct OTP you obtained in step 2.