Hey guys, today I am going to show you how I bypassed an OTP (One-Time Password) check during a website penetration test, a bug that is also worth looking for from a bug bounty point of view.
My first step was understanding the website and its functions, i.e. how the website works. After registering on the website with my own credentials, I returned to the login page for further testing. As you know, there are many attacks to try against a login page.
On the login page I entered my credentials, and after logging in I was redirected to a second page telling me that a text message containing an OTP had been sent to my phone. This showed that the website had implemented Two-Factor Authentication (2FA).
However, while monitoring the requests sent and received, I noticed something unusual: no request was being sent to validate the OTP code I entered. I confirmed this in Burp Suite. So the OTP validation had to be happening on the frontend side of the site.
For further testing I analyzed the frontend code, and it did not take long to find the flaw. The OTP code was embedded in the HTML that had been sent to my device, hidden in an input element. Anyone who can view the page source can therefore read the expected OTP and pass the check without ever receiving the text message.
In short, the developers of this system left a serious security flaw: the OTP should have been validated on the backend, never in the browser. This bug has since been fixed, which is why I am writing this article now. For more articles, please subscribe to technicalmeer.com.