Bypassing OTP systems

#otp #pentest #penetration #testing

Hi guys, I came across the following blog post on medium describing a method of bypassing OTP:

https://systemweakness.com/bypassing-otp-verification-797851057e79

I want to prevent this in my applications but the the article doesn't actually say which tool is used to perform the modified header attack.

Does anyone know how this is achieved? I know about HTTP catcher tools but not aware of such a tool that can successfully modify the request? Can anyone shine some light on this as I see this as a serious security flaw that needs attention.

Thank you

Top comments (0)

Using faker and pandas Python Libraries to Create Synthetic Data for Testing

rahulbhave - Sep 15

How to Inspect Element on an Android App (Actual App, not Web)

Prakhar Shakya - Oct 18

Bruno: The Git-Powered API Client 🚀

Pragadesh-45 - Oct 18

Mastering Unit and Integration Testing for Minimal APIs in .NET 8: Best Practices for High-Quality Code

Leandro Veiga - Oct 20

DEV Community