Hackt3r

2FA… To Bypass

Hello everyone.


Hope you are doing well. Today let us talk about 2-factor authentication (2FA) bypass and how it can be done. Without any delay, let us dive into our maze.


What is 2FA

2FA stands for 2-factor authentication. It is used as an additional layer of security for user accounts. This simply means there are two factors you need to authenticate into your account. One is your credentials, and if for some reason they are compromised, the additional layer (the second authentication step) can protect your account from being taken over.


This can take many forms, like:

— Sending a verification code to email

— Sending an OTP to email or mobile number

— Third-party app-generated codes

— Verification through QR codes

— SMS verification


This provides an extra layer of security for user accounts. Even if your credentials get exposed, your account can still be safe if you have 2FA turned on. But what if the 2FA itself is vulnerable? Then your account is not safe even with 2FA turned on. So this is a serious vulnerability and can be used to take over other accounts without the user even knowing what is happening with their account.



How to check for 2FA bypass

There are many ways to bypass 2FA, but let us learn some techniques which are easy and yet effective.


Method 1 (OTP Bypass)

  1. Sign up for an account.

  2. Enable 2FA in settings.

  3. Logout from your account.

  4. Log in again using your credentials.

  5. Switch on your proxy (Burp Suite) and have intercept on.

  6. Now when it asks for your OTP, enter a wrong OTP and send the request.

  7. Go into Burp and see how the OTP parameter is being sent.

  8. Depending on how the OTP parameter is handled, we can move forward in many ways.

i) If the response ends with a message showing 1 (for success) or 0 (for failure), try changing the number and see if you can bypass it.


ii) If the response contains a message such as SUCCESS or FAILURE, try changing the term and see if you can bypass it.


iii) Check how the OTP is generated; if it gives you sequential numbers for every OTP you request, then try the next number for your next login.


iv) Try brute-forcing the OTP parameter (this can be chained with rate limiting; check out my previous articles to know more about rate limiting).


v) Try removing the OTP parameter completely from the request, forward it, and see if you can bypass it.

Try changing {email:'abc@abc.abc', OTP:'123456'} into {email:'abc@abc.abc'}


vi) Try giving a NULL or BLANK value in place of the OTP and see if you can bypass it.

Try changing {OTP:'123456'} into {OTP:''}

Try changing {OTP:'123456'} into {OTP:'null'}


Other Methods

i) Try Boolean values like TRUE in place of FALSE, wherever you can find them.

Try changing {success:'false'} into {success:'true'}

Try changing {valid:'false'} into {valid:'true'}

Try changing {OTP:'23243'} into {OTP:'true'}


ii) Try changing the response status code from 4xx to 200 and check whether it is accepted.


iii) Change the password of the account and see if the password is changed without asking for 2FA. If so, then it is vulnerable.
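As an added example (not code from the original post), here is a hypothetical Python OTP verification handler in two versions: the weak one contains the flaws that steps v and vi above and "Other Methods" i probe for (a client-sent valid flag is trusted, a missing or blank OTP passes, guesses are unlimited), and the hardened one shows the server-side checks that close them, plus random rather than sequential code generation and an attempt limit against brute force. All names (OtpChallenge, verify_otp_hardened, the limits) are assumptions.

```python
import hmac
import secrets
import time

OTP_LENGTH = 6
MAX_ATTEMPTS = 5         # lock the challenge after this many wrong codes
OTP_TTL_SECONDS = 300    # a code is only valid for five minutes

def generate_otp() -> str:
    """Cryptographically random, zero-padded code (never a predictable counter)."""
    return f"{secrets.randbelow(10 ** OTP_LENGTH):0{OTP_LENGTH}d}"

class OtpChallenge:
    """Server-side state for one pending 2FA prompt (hypothetical, in-memory)."""
    def __init__(self, code, now=None):
        self.code = code
        self.issued_at = time.time() if now is None else now
        self.attempts = 0
        self.consumed = False

def verify_otp_vulnerable(challenge, request):
    """Weak handler: trusts a client-sent 'valid' flag, treats a missing or
    blank OTP as success, and never limits guesses."""
    if request.get("valid") == "true":
        return True
    submitted = request.get("OTP")
    if not submitted:
        return True
    return submitted == challenge.code

def verify_otp_hardened(challenge, request, now=None):
    """The decision uses only server-side state and the OTP field itself."""
    now = time.time() if now is None else now
    submitted = request.get("OTP")
    # Missing, blank, 'null' or non-numeric values are rejected outright.
    if not isinstance(submitted, str) or len(submitted) != OTP_LENGTH or not submitted.isdigit():
        return False
    # Single use, bounded guesses and expiry defeat replay and brute force.
    if challenge.consumed or challenge.attempts >= MAX_ATTEMPTS:
        return False
    if now - challenge.issued_at > OTP_TTL_SECONDS:
        return False
    challenge.attempts += 1
    if hmac.compare_digest(submitted, challenge.code):
        challenge.consumed = True
        return True
    return False
```

Because the hardened version never depends on anything the client reports back, flipping 1/0, SUCCESS/FAILURE or the status code in the response does not change its decision.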


These are some of the ways you can use to bypass 2FA; play around and see if you can find any.



That's all from my side today, guys. Hope you have enjoyed reading this as much as I enjoyed writing it, and I'll catch you again in the next post with another vulnerability. Check out my Instagram for more tips and tricks on finding bugs.


Till then take care and Happy Hacking!!!👋👋

