2FA Authentication (OTP) Bypass
Hello, guys hope you all are doing good.
Firstly, I would like to thank everyone for showing so much love and support on my first bounty write-up, which inspired me to share a few more nudges with the community.
Link to my first bug — (https://medium.com/@balapraneeth98/journey-to-my-first-bug-hunt-6dc5e4552128)
So unlike my first bug, this write-up is going to be very short and crisp, detailing a way you can bypass an OTP authentication function the next time you come across one: tamper with the server's response rather than the request.
Methodology —
- Since it's a non-disclosure program I cannot reveal the website name, so let's call it vulnerable.com.
- Initially I created an account and logged in to it. Slowly I started to enumerate and explore the functionalities and tested for CSRF (that's my first love. JK) but had no luck there.
- The application required users to verify their phone number in order to distinguish legitimate users of the application.
- At this point, I started to check for an OTP auth bypass.
Hacking Process —
- I entered my phone number and waited for the OTP, and yes, I received the legitimate one.
- I then entered the passcode and intercepted the request in Burp.
- At this point, I analysed the OTP request and also intercepted the response in Burp. In simple terms: right-click the intercepted request, choose "Do intercept > Response to this request", and forward it.
- I checked the response, which contained { "verification":true, "contact":(phone-number-here), "id":12345 }
- I created a new account and followed the steps above up to the OTP auth process again.
- But this time I entered the wrong phone number and intercepted the request.
- I did "Do intercept > Response to this request" and forwarded it.
- I observed the same parameters returned, this time as { "verification":false, "contact":(phone-number-here), "id":12345 }
- All I had to do was change the parameter value from false to true, and it was a successful bypass.
- Reported to the company and got paid $200 ☺
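To make the root cause concrete, here is a small self-contained model of the flow described above. It is an added example, not code from the original write-up or from the target application: the class names, the gated action, the sample phone number and the OTP handling are all assumptions. It reproduces the response shape the author saw (`{"verification": ..., "contact": ..., "id": 12345}`), applies the same false-to-true edit programmatically, and shows why that edit works when the next step trusts the client's reading of the response but fails when the server keeps its own record of which contacts it has actually verified.

```python
import json
import secrets


class OtpServer:
    """Issues and checks OTPs. Server-side verification state lives in
    self.verified_contacts; whether the gated feature honours that state
    is decided by the two subclasses below (hypothetical, for illustration)."""

    def __init__(self):
        self.pending = {}            # contact -> OTP currently outstanding
        self.verified_contacts = set()

    def send_otp(self, contact):
        otp = f"{secrets.randbelow(10**6):06d}"
        self.pending[contact] = otp
        # Returned here only so the demo can use it; a real app sends it by SMS.
        return otp

    def verify_otp(self, contact, otp):
        """Response body in the same shape the write-up shows."""
        ok = self.pending.get(contact) == otp
        if ok:
            self.verified_contacts.add(contact)
        return json.dumps({"verification": ok, "contact": contact, "id": 12345})


class VulnerableServer(OtpServer):
    def gated_action(self, contact, client_claims_verified):
        # Bug: the only check is the flag the client reports back, i.e. the
        # value it read from the (tamperable) verify_otp response.
        return bool(client_claims_verified)


class HardenedServer(OtpServer):
    def gated_action(self, contact, client_claims_verified):
        # Fix: ignore what the client claims; consult the server's own record.
        return contact in self.verified_contacts


def tamper_response(body):
    """The manual Burp edit, as code: intercept the response, flip the flag."""
    data = json.loads(body)
    data["verification"] = True
    return json.dumps(data)


def run_flow(server, contact, otp, intercept=None):
    """Drive the client side of the flow. True if the gated action succeeds."""
    body = server.verify_otp(contact, otp)
    if intercept is not None:
        body = intercept(body)           # the attacker's proxy sits here
    claimed = json.loads(body)["verification"]
    if not claimed:
        return False                     # client UI stops at the OTP screen
    return server.gated_action(contact, client_claims_verified=claimed)


def bypass_succeeds(server_cls, use_correct_otp, tamper):
    """Run one scenario end to end against a fresh server instance."""
    contact = "+15555550100"             # constructed sample number
    server = server_cls()
    real_otp = server.send_otp(contact)
    otp = real_otp if use_correct_otp else "not-the-real-otp"
    return run_flow(server, contact, otp,
                    intercept=tamper_response if tamper else None)


if __name__ == "__main__":
    for cls in (VulnerableServer, HardenedServer):
        for correct, tampered in ((False, False), (False, True), (True, False)):
            print(f"{cls.__name__:17s} correct_otp={correct!s:5s} "
                  f"tampered={tampered!s:5s} -> "
                  f"{bypass_succeeds(cls, correct, tampered)}")
```

The `tamper_response` body is the same edit you would express as a Burp Match and Replace rule on response bodies (`"verification":false` to `"verification":true`), which saves forwarding each response by hand while you test the rest of the flow. The fix side is equally simple: whatever the client displays, the server must decide the follow-on step from state it recorded itself when it checked the OTP.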
Nudge:
Always check the response, not just the request, when testing for an OTP bypass. If the client decides what to do next based on a flag such as "verification":true, that flag is yours to edit in the proxy; the bug is the server trusting the client's outcome instead of its own record of the check. Hope this article was helpful.
Collaboration and networking are something I always enjoy. Let's connect:
Twitter — https://twitter.com/Begin_hunt
Linkedin — https://www.linkedin.com/in/balapraneeth/
Happy hacking !!!
If you have reached this far, thank you for reading this article. Kindly feel free to point out any mistakes and do let me know where I can improve in writing and explaining in detail. Appreciate it! All the best. God bless.