Steps to bypass 2FA, which can lead to account takeover:
1. Log in to an account with the right credentials.
2. Enter the correct OTP that you received.
3. Intercept the above request in Burp Suite when you click verify code. Then right-click and choose to intercept the response to this request.
4. Copy the intercepted response for the above request to Notepad.
5. Log out of your account.
6. Log in with a second account and enter a random OTP.
7. Intercept the request in Burp Suite when you click verify code, then right-click and choose to intercept the response to this request.
8. Modify the response: paste the response from Notepad and click Forward.
> Initial Response (200 OK)
> Modified Response (302 Found)
9. If you are logged in as the second user, then you have successfully bypassed 2FA.
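
A server-side check that makes the response swap in steps 8 and 9 ineffective, as an added example that is not part of the original write-up. It assumes the bypass succeeds because the application takes 2FA completion from the response the browser receives rather than from server-side state; `login`, `verify_otp`, `protected_page` and the sample users are hypothetical names.

```python
import hmac
import secrets

# Added example. Constructed sample data: user -> (password, OTP the server expects).
USERS = {"alice": ("pw-a", "111111"), "bob": ("pw-b", "222222")}
SESSIONS = {}  # session id -> {"user": str, "mfa_ok": bool, "tries": int}
MAX_TRIES = 5

def login(user, password):
    """Password stage: issue a session that is NOT yet 2FA-verified."""
    record = USERS.get(user)
    if record is None or not hmac.compare_digest(record[0], password):
        return None
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "mfa_ok": False, "tries": 0}
    return sid

def verify_otp(sid, otp):
    """OTP stage: only this server-side function can set mfa_ok."""
    sess = SESSIONS.get(sid)
    if sess is None:
        return 401
    sess["tries"] += 1
    if sess["tries"] > MAX_TRIES:
        SESSIONS.pop(sid, None)  # force a fresh login after repeated failures
        return 429
    expected = USERS[sess["user"]][1]
    if not hmac.compare_digest(expected, otp):
        return 200  # wrong code: the "Initial Response" status from the steps
    sess["mfa_ok"] = True
    return 302  # correct code: redirect into the application

def protected_page(sid):
    """Every protected request re-checks server state, not an earlier response."""
    sess = SESSIONS.get(sid)
    if sess is None or not sess["mfa_ok"]:
        return 403, None
    return 200, sess["user"]
```

Whatever status or body the client substitutes for the `verify_otp` response, `mfa_ok` for the second session stays false, so the follow-up request to `protected_page` is refused.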