🐞Sara Badran Profile picture
Aug 23 11 tweets 10 min read
2FA Bypass Techniques thread 🔥🐞🔓
-------------------------

📌2FA Code Leakage in Response:

You can intercept otp using burpsuite and inspect http response and check if the 2FA code leaked

#hackerone #BugBounty #bugbountytips #BugBountyTip Image
2. JS File Analysis:
----------------

📌Analyze all the JS Files that are referred in the response to see if any JS file contains information that can help bypass 2FA code.

#hackerone #BugBounty #bugbountytips
#hackeronereport #Bugbountywriteupspublished #BugBountyTip Image
3. Lack of brute-Force Protection:
-----------------
📌type 2FA code and capture request using burpsuite
📌send request to intruder and send request for 100–200 times .
📌At 2FA Code Verification page, try to brute-force for valid 2FA and see if there is any success.
4. Missing 2FA Code Integrity Validation:
-------------------
📌Request a 2FA code from the attacker’s account.

📌Use this valid 2FA code in the victim 2FA Request and see if it bypasses the 2FA protection.

#hackerone #BugBounty #bugbountytips
#bugbountytips
#bugbountytip
5.2FA Refer Check Bypass:
----------------
📌navigate to the page which comes after 2FA or any other authenticated page of the application.
If there is no success, change the refer header to the 2FA page URL.

#hackerone #BugBounty #bugbountytips
#bugbountytips
#bugbountytip
6. Enabling 2FA Doesn’t Expire Previous Session:
-------------------
In this scenario, if an attacker hijacks an active session before 2FA, it is possible to carry out all functions without a need for 2FA.

#hackerone #BugBounty #bugbountytips
#bugbountytips
#bugbountytip
7. Clickjacking on 2FA Disable Feature:
--------------------

Try to iframe the page where the application allows a user to disable 2FA.

#hackerone #BugBounty #bugbountytips
#bugbountytip
8. Response Manipulation:
----------------

📌 Check response of the 2FA Request.

📌 If you observe “Success”:false, change this to “Success”:true and see if it bypasses the 2FA.

#hackerone #BugBounty #bugbountytips
#bugbountytip
9. Status Code Manipulation:
----------------
📌If the Response Status Code is 4xx like 401, 402, etc.

📌 Change the response Status Code to “200 OK” and see if it bypasses the 2FA.
10. 2FA Code Reusability:
----------------

📌 Request a 2FA code and use it.

📌 Now, re-use the same 2FA code in another session and if it authenticated successfully, that’s a potential issue.

#hackerone #BugBounty
#bugbountytips
#bugbountytip
11. CSRF on 2FA Disable Feature:
---------------
📌 Navigate to 2FA Page and click on “Disable 2FA” and capture this request with Burp Suite & generate a CSRF PoC.

📌 Send this PoC to the victim, and check if CSRF happens successfully and remove the 2FA from the victim account.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with 🐞Sara Badran

🐞Sara Badran Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @SaraBadran18

Aug 14
Platforms to practice hacking 🔥❤🐞 → Tryhackme
→ Hackthebox
→ Pentester Lab
→ tcm-security
→ Vulnhub
→ Offensive Security
→ Vulnmachines
→ Portswigger Web Security Academy
→be practical
1/3
#bugbountytips #Ethicalhacking #cybersecuritytips #bugbountytip #infosec
→ Hacker101
→ PicoCTF
→ HackMyVm
→ Try2hack
→ Cybrary
→ RangeForce
→ Letsdefend
→ vhackinglabs
→ Hacksec42
→ BugBountyHunt3r
→ CyberSecLabsUK
→ certifiedsecure
→ CTFTime
→ 247CTF
2/3
#bugbountytips #Ethicalhacking #cybersecuritytips #bugbountytip
→Alert to win
→Attack-Defense
→Bancocn
→Certified Secure
→CMD Challenge CryptoHack
→CTF Komodo Security
→Ctftime
→Cyberdefenders
→CyberSecLabs
→EchoCTF
→Explotation Education
→Google CTF
→Hack The Box
→Hackaflag BR
→Hacker Security
#bugbounty
Read 5 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

:(