2FA -Authentication(OTP) Bypass

Hello, guys hope you all are doing good.

Firstly I would like to thank everyone for showing much love and support on my first bounty write-up which inspired me to share a few more nudges with the community.

Link to my first bug — (https://medium.com/@balapraneeth98/journey-to-my-first-bug-hunt-6dc5e4552128)

So unlike my first bug, this write-up is going to be very short and crisp which details about the way you can bypass an OTP auth function whenever you come across it next time.

Methodology —

1. Since its a non-disclosure program I cannot disclose the website name so let's assume it as vulnerable.com
2. So initially I created an account and logged in to it. Slowly I started to enumerate and explore the functionalities and test for CSRF(that's my first love. JK) had no luck there.
3. The application required to verify the phone number of the user in order to check with the legit users of the application.
4. At this point, I started to check for the OTP auth bypass.

Hacking Process —

1. So entered my phone number and waited for the OTP and yes I have received the legit one.
2. Now I have entered the passcode and intercepted the request in burp
3. At this point, I was analyzing the request of the OTP and intercepted the response back in burp. In simple terms (Do intercept response to this request and forwarded it.)
4. Checked the response which had { “verification”:true,” contact”:(phone-number-here),”id”:12345}
5. Created a new account and followed the mentioned steps until the OTP auth process again.
6. But this time entered the wrong phone number and intercepted the request
7. Did an intercept response to this request and forwarded it.
8. Observed the same parameters it returned back as { “verification”:false,” contact”:(phone-number-here),”id”:12345}
9. All I had to do was change the parameter value from false to true and it was a successful bypass.
10. Reported to the company and got paid 200$ ☺

Nudge:

Always check for the response of the request while checking for the OTP bypass. Hope this article was helpful.

Collaboration and networking is something that I always enjoy. Let’s connect

Twitter — https://twitter.com/Begin_hunt

Linkedin — https://www.linkedin.com/in/balapraneeth/

Happy hacking !!!
If you have reached this far, thank you for reading this article. Kindly feel free to point out any mistakes and do let me know where I can improve in writing and explaining in detail. Appreciate it!!. All the best. God bless