Hello Hackers,
Hope you guys are doing well and hunting lots of bugs and dollars!
Well, today I'm back with one of my recent findings, which I would like to share with you: an OTP bypass using response manipulation.
What is response manipulation?
Response manipulation is a technique where the attacker modifies the server's response before it reaches the browser. With the help of response manipulation, you can sometimes bypass 2FA, authentication and many other checks, because anything the client decides based on the response is under the attacker's control.
Let's get started and talk about the finding.
While hunting on a private program, I noticed a feature where you can add your Paytm number; while adding it, you have to verify it via OTP. So I decided to try to bypass this OTP. I tried all my different OTP bypass techniques, but had no luck.
So I added my own number there and carefully observed the request and response. Basically, I was checking whether the OTP was somehow leaking in the response.
But again, no luck!
While looking at the requests and responses, I observed only a single major difference when comparing the responses for a right and a wrong OTP.
If you enter the wrong OTP, the response contains
{"success": false, "message": "otp-mismatch"}
and if you enter the right OTP, the response contains
{"success": true, "paytmno": "1234567890"}
and the rest of the response was the same.
Once I observed this, I decided to replace the wrong-OTP response with the right-OTP response.
So again I added another number (9999999999); the web application asked for an OTP and I entered a wrong OTP.
I captured the request and response via a proxy and changed the response from
{"success": false, "message": "otp-mismatch"}
to
{"success": true, "paytmno": "9999999999"}
After letting the modified response through, that number was successfully saved as the new Paytm number.
Hence, the OTP was bypassed successfully.
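To show where this goes wrong on the server side, here is an added Python model (not the program's real code; the NumberLinkService class, its methods and the two flow functions are my own assumptions). The vulnerable variant lets the client's reading of the verify response decide whether the number is saved, while the hardened variant only acts on verification state the server recorded itself.

```python
import hmac
import secrets

class NumberLinkService:
    """Toy model of the number-linking backend (assumed design, not the
    program's real code). trust_client_flag=True reproduces the flaw in the
    write-up: the update step believes the client's claim that the OTP passed.
    With False it only honours a result the server recorded itself."""

    def __init__(self, trust_client_flag):
        self.trust_client_flag = trust_client_flag
        self.pending = {}      # number -> OTP the server issued (never sent to the client)
        self.verified = set()  # numbers whose OTP the server itself checked
        self.linked = set()    # numbers actually saved on the account

    def request_otp(self, number):
        otp = f"{secrets.randbelow(10**6):06d}"
        self.pending[number] = otp
        return otp  # would go out by SMS; returned here only so the demo can use it

    def verify_otp(self, number, otp):
        expected = self.pending.get(number)
        if expected is not None and hmac.compare_digest(expected, otp):
            self.verified.add(number)
            return {"success": True, "paytmno": number}
        return {"success": False, "message": "otp-mismatch"}

    def update_number(self, number, client_says_verified):
        # Vulnerable: the decision comes from the (editable) client.
        # Hardened: the decision comes from server-side state only.
        ok = client_says_verified if self.trust_client_flag else number in self.verified
        if ok:
            self.linked.add(number)
        return number in self.linked

def honest_flow(service, number):
    """User receives the OTP and enters it correctly."""
    otp = service.request_otp(number)
    resp = service.verify_otp(number, otp)
    return service.update_number(number, resp["success"])

def manipulated_flow(service, number):
    """The write-up's scenario: a wrong OTP is entered, then the JSON the browser
    sees is edited in the proxy so the client carries on as if it had passed."""
    real = service.request_otp(number)
    wrong = "000000" if real != "000000" else "111111"  # constructed, guaranteed mismatch
    service.verify_otp(number, wrong)                   # server answers otp-mismatch
    resp = {"success": True, "paytmno": number}         # edited response reaches the client
    return service.update_number(number, resp["success"])
```

The hardened check also shows what to log: an otp-mismatch followed by a successful update for the same number is exactly the sequence that should never occur once the server keeps its own verification state.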
Hope this is useful for you guys.
Happy Hacking!
Twitter handle: https://twitter.com/Xch_eater