Ethical Hacking

Using Burp Suite for OTP Bypassing

OTP Bypassing

Ethical hacking is fun, but within limits. One of the things every hacker tries is OTP bypassing. There are different ways in which login verification can be bypassed with the help of OTP bypassing.

What is OTP:

OTP stands for one-time password, which is used to log in to a registered account. It provides a mechanism to log in to a network for a single session only.

An OTP sent through an SMS gateway provider is more secure than a static PIN or password, especially a PIN or password chosen by the user, which is usually weak. OTPs can replace the existing sign-in details or add another layer of strict security to them.

In this ethical hacking project, I will explain the whole process to bypass OTP using Burp Suite.



Prerequisite:

First, select any site as the target for the attack (e.g. www.anyexample.com).

Create a profile (register), or log in to an existing account, because logging in to an account also goes through the OTP verification process; this is also called an account takeover.

Step 1: Configure your browser to use the Burp Suite proxy listener. To do this, change your browser settings by going into Preferences and then into the proxy settings.

The proxy host address is 127.0.0.1 by default, and the port is 8080 by default for both protocols (HTTP and HTTPS).




NOTE: If the listener is not running, then Burp was not able to open the default proxy.

Step 2: After setting up the account or entering the login credentials, the site needs an OTP to verify. Now turn ON Burp Suite's intercept.

Intercept: It captures the packets coming from the website or server. Now we will capture the packet that is being sent to the server as a request. (If you want to do a brute-force attack, you can do it easily.)

Now type any wrong OTP and intercept the request. After capturing the request, choose Action and send it to Intruder. After sending it to Intruder, forward the POST request. The response code from the server then reaches Intruder.

Points to remember:

#In the response, the server gives the error as (0), and if the statement is successful it gives (1).

#Sometimes it gives an error in the code, so change it to Success.

#Sometimes it gives incorrect; change it to Success. Now, according to the server's code, change it to success or 1, and forward the request to the server. After you send the request to the server, it accepts the query and says the OTP is correct.

And hence OTP is bypassed. 

There are different methods to bypass OTP; many of them are possible because security personnel are lax and do not apply security controls. Another way of bypassing the OTP is called a no-rate-limit attack, or in other words a brute-force attack.
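Both weaknesses described above, an application that trusts the 0/1 value in the response and one that allows unlimited guesses, are closed on the server side. The following Python is an added example, not code from the original page; the class and method names, the 5-attempt limit and the 300-second lifetime are assumptions.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5       # assumed policy: guesses allowed per issued OTP
OTP_TTL_SECONDS = 300  # assumed policy: OTP lifetime in seconds


class OtpVerifier:
    """Hypothetical server-side OTP state; the client never decides the outcome."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}      # session_id -> [otp, expires_at, attempts_left]
        self._verified = set()  # sessions that passed the OTP step

    def issue(self, session_id):
        """Create a 6-digit OTP for this session (SMS delivery not shown)."""
        otp = f"{secrets.randbelow(10**6):06d}"
        self._verified.discard(session_id)
        self._pending[session_id] = [otp, self._clock() + OTP_TTL_SECONDS, MAX_ATTEMPTS]
        return otp

    def verify(self, session_id, submitted):
        """Return 1 or 0 as on the page, and record the result on the server."""
        entry = self._pending.get(session_id)
        if entry is None or self._clock() > entry[1]:
            self._pending.pop(session_id, None)  # unknown or expired OTP
            return 0
        entry[2] -= 1
        ok = hmac.compare_digest(entry[0].encode(), submitted.encode())
        if ok or entry[2] <= 0:
            del self._pending[session_id]  # single use; lock after too many misses
        if ok:
            self._verified.add(session_id)
        return 1 if ok else 0

    def open_account(self, session_id):
        """Protected action: trusts server state, not the response the client saw."""
        if session_id not in self._verified:
            raise PermissionError("OTP step not completed for this session")
        return "account data"
```

Changing the 0 to 1 in an intercepted response has no effect here, because `open_account` consults `_verified`, which only a correct `verify` call can update.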


Skyfi Labs Last Updated: 2021-07-05




