OTP Bypass — Weak brute-force protection


Jithesh

Bypassing OTP by Brute Force

Hello Tech Guys,

Here we are going to look at how to bypass OTP on weak websites for bug bounty…

First, let's take a look: what is brute force?

Brute force is a method of solving problems or cracking security mechanisms by systematically trying every possible combination or solution until the correct one is found. In the context of cybersecurity, brute-force attacks are used by attackers to gain unauthorized access to accounts, systems, or encrypted data by trying all possible passwords, encryption keys, or other access credentials until they succeed.

How to Bypass…..

Choose a target that sends an OTP by email or phone number.

Get ready with your Burp Suite…

1. Enter your credentials to receive an OTP. (Don’t capture the packet in Burp Suite.)
2. Start the proxy in Burp to capture the packet.
3. Enter a wrong OTP, for example “0000” if you are asked for a 4-digit OTP.
4. Send the right packet (the one with the wrong OTP that you entered) to Burp Intruder.
5. Mark the OTP as the payload, and set the payload type to numbers.
6. Set the number range from 0000 to 9999.
7. Start the attack; you can find the correct OTP.

Burp tries the possible combinations from 0000 to 9999 to find the right OTP.

For bug testing, set the OTP range from -10 to +10 around the OTP you received; this reduces the number of requests and the time.

You might think that setting the range after already knowing the right OTP means it is not a bug.

Yes, it is a bug: we are proving that it is possible to bypass the OTP by brute force.

Note: This method only works if the target lacks proper rate limiting.

To learn about rate limiting, take a look at the previous blog post.
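The server-side control whose absence lets the 0000 to 9999 sweep succeed, shown as an added example (not code from the original article): an OTP verifier that caps wrong guesses per issued code and burns the code once the cap is hit. `OtpStore`, `MAX_ATTEMPTS`, `OTP_TTL` and `sweep_outcomes` are hypothetical names, and the limits are assumed policy values.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5   # assumed policy: wrong guesses allowed per issued code
OTP_TTL = 300      # assumed policy: code lifetime in seconds

class OtpStore:
    """In-memory challenge store, keyed on the account rather than the client IP."""
    def __init__(self, clock=time.time):
        self._clock = clock
        self._challenges = {}   # account -> [code, expires_at, failures]

    def issue(self, account):
        code = f"{secrets.randbelow(10_000):04d}"   # 4-digit OTP, as in the article
        self._challenges[account] = [code, self._clock() + OTP_TTL, 0]
        return code   # a real flow delivers this by email or SMS

    def verify(self, account, guess):
        entry = self._challenges.get(account)
        if entry is None:
            return "no_challenge"
        code, expires_at, _ = entry
        if self._clock() > expires_at:
            del self._challenges[account]
            return "expired"
        if hmac.compare_digest(code.encode(), str(guess).encode()):
            del self._challenges[account]   # one-time: the code cannot be replayed
            return "ok"
        entry[2] += 1
        if entry[2] >= MAX_ATTEMPTS:
            # Burn the code so the rest of a sweep has nothing left to match.
            del self._challenges[account]
            return "locked"
        return "wrong"

def sweep_outcomes(store, account):
    """Constructed check: run every wrong 4-digit guess and record each outcome."""
    real = store.issue(account)
    guesses = (f"{n:04d}" for n in range(10_000))
    return [store.verify(account, g) for g in guesses if g != real]

if __name__ == "__main__":
    outcomes = sweep_outcomes(OtpStore(), "user@example.test")
    print(outcomes[:6], "rejected without comparison:", outcomes.count("no_challenge"))
```

With the cap in place only five guesses are ever compared against the code, so a full sweep has at most a 5 in 10,000 chance per issued OTP; the user has to request a new code to continue.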
