Hello Greeting All,
Today we will Discuss One interesting Topic OTP (One time password) Bypass ! How hackers able to Bypass OTP Schema On Web Or Mobile based application. As You know A one-time password (OTP) is an automatically generated numeric or alphanumeric string of characters that authenticates the user for a single transaction or login session.
OTP are used For extra security layer To secure User authentication but in some case in some vulnerable website We can easily Bypass OTP two factor authentication verification schema On web or application based platform .
There are few techniques that we can bypass OTP Schema
→ Response mnipulate
→ Bruteforce
→ Sms forwarding
→ Broken authentication we can use any random value
Here, We will discuss about How attacker able to bypass OTP Schema by response manipulate technique . If You don’t know What is response manipulate is a technique attacker try to analyze Request using some proxy tool attacker can change value of Response without entering correct OTP.
Steps Of Testing:
1. Here We have a vulnerable Application which allow us to Bypass OTP Schema That consist broken authentication schema.
As when We login Or Sign up as authenticate some application ask for OTP Confirmation,
As above picture when user enter OTP Confirmation Code which comes to User Email After entering OTP we can access as Authenticate user ,2. Here For checking Is application is vulnerable for OTP Bypass we will use some random OTP 0000 Value
As above picture we Entered wrong OTP Value ,Now, here we have to do before Click Verifiy Open Some proxy tool to intercept Request here we will use Burp which help us to intercept request and We can change Response .
3.click verify Confirmation OTP with Random Value and Intercept Request using Burp
As above picture We have captured request As POST request code=0000 with Random Value , here to check or edit response Right Click Your Mouse → Do intercept → Response to this HostNow, As Response :
As above picture As result 400 bad Request that mean we have entered Wrong OTP value ,Now, The main point is come here Now we we bypass this 400 bad request by Response manipulate here simply We need to make change On response section ,
Now, as above picture we change value 400 bad request → 200 OK and, “err”:no more attempts allowed”,”ECODE”:”usr_069”}( Note: Different web You will get different Response Technique is same) as error response We change value as { }Now , Forward this Response and as result we have successfully bypass authentication schema due to broken authentication schema.
As Today we discussed How Hacker Able to bypass OTP schema Using Response manipulate Techniques . This Blog only For Educational Purpose.
Stick with our Blog series to learn more.
For more interesting topics please visit www.securiumsolutions.com/blog
Author: Pallab Jyoti Borah , IT Security Analyst
ThankYou
Enroll here for training and certification at a discounted price: Click Here
Referred By
Securium Solutions
