2FA BYPASS

Hey there learners , so i got you my write-up on how i bypassed 2fa (2 factor authentication) by changing the response from authenticated one to unauthenticated so basically i was being to get into the dashboard when i changed response and got into it as fully authenticated user , less theory and lets just jump in :D

• First i’ve logged in my account using the right credentials account 1. kishan_456

• After login it asked me for OTP which was sent on my number

• Entered the OTP which was sent on my phone

• Clicked “Verify code “ and Intercepted the request and intercepted the Response and copy the response to your notepad.

• Response

• im logged in now

• logged out from the browser and opened a firefox private browsing tab logged in with the creds as kishan_123 (2nd account) it asked for a OTP, enter OTP as 123456

• Click verify code and intercept the request and response , the response will be 200 which will be a error so instead of 200 response paste the response which we intercepted earlier on the 1st account.

Initial response:

modified response:

• Once clicked forward in Burpsuite it redirected me directly into the dashboard

Bounty: 300$

i hope you guys liked it :D