Bypassing OTP systems

#otp #pentest #penetration #testing

Hi guys, I came across the following blog post on medium describing a method of bypassing OTP:

https://systemweakness.com/bypassing-otp-verification-797851057e79

I want to prevent this in my applications but the the article doesn't actually say which tool is used to perform the modified header attack.

Does anyone know how this is achieved? I know about HTTP catcher tools but not aware of such a tool that can successfully modify the request? Can anyone shine some light on this as I see this as a serious security flaw that needs attention.

Thank you

Top comments (0)

Create Test Coverage Visualizer and Deploy to AWS S3 with Cloud development Kit (CDK) and GitHub Actions

Kevin Lactio Kemta - Sep 2

A Comprehensive Guide to Test Cases in Software Testing

keploy - Sep 2

Strengthening Pact Contract Testing with TypeScript and Data Abstraction

Murat K Ozcan - Sep 2

5 Best Cross Browser Testing Tools to Watch Out for in 2024

Steve Wortham - Sep 2

DEV Community