2FA bypassing for bug bounties

Aditya Shende
September 26, 2020

1. Background concept about 2FA bypass
- With the rise of account takeovers, companies like Google and Facebook have implemented this feature on various sensitive pages where an attacker could read or modify a user's data without the user's consent. This authentication method improves the security posture and provides secure access to users. Using two-factor authentication prevents attackers from compromising your account even if your account credentials are leaked publicly or bypassed.
2. Impact of 2FA bypass
- Ticket system takeover, unauthorized email verification bypass, account
3. Types of 2FA bypass: request and response manipulation
- For this we need people who know Burp Suite and have a bit of a logical mindset.
4. Security misconfiguration
- Session hijacking, subdomain to domain bypass, missing and broken links, input validation


Transcript

  1. MFA and misconfiguration 2FA Bypass

  2. WHO AM I? - PENETRATION TESTER - BUG BOUNTY HUNTER - ADMIN OF KONG CYBER SECURITES
  3. What is 2FA? 2 FACTOR AUTHENTICATION IS A METHOD OF UTILIZING A HANDHELD DEVICE AS AN AUTHENTICATOR FOR ONLINE PORTALS
  4. Methods to bypass 2FA: SESSION MANAGEMENT, REQUEST MANIPULATION, RESPONSE MANIPULATION

  5. None
  6. Sub-domain to domain bypass. REQUIREMENTS: Chrome browser, Cookie Editor P

  7. 1. SITE.COM HAS 2FA ENABLED BUT IS NOT VULNERABLE TO THE SESSION ISSUE
     2. SUB.SITE.COM IS VULNERABLE TO THE SESSION ISSUE
     3. EXPORT THE COOKIES FOR SUB.SITE.COM AFTER LOGIN
     4. IMPORT COOKIES OF SUB.SITE.COM AND
     5. CHANGE THE VALUE OF SUB.SITE.COM TO SITE.COM TO ABUSE MAIN DOMAIN
  8. Refresh page !!!

  9. Request manipulation: BURPSUITE & FIREFOX IS YOUR FRIEND. CAPTURE REQUEST WHERE WE GET OTP FROM SERVER. OBSERVE REQUEST AND MODIFY IT
  10. None
  11. None
  12. Response manipulation to desk hacking (2FA): REGISTER WITH VALID ACCOUNT TO GET VALID RESPONSE, USE ANY TEST ACCOUNT. GO TO BURPSUITE > DO INTERCEPT > RESPONSE TO THIS REQUEST. COPY OLD RESPONSE WHICH IS VALID WHICH WE GENERATED FOR TEST ACCOUNT. CAPTURE REQUEST AFTER PUTTING OTP
  13. None
  14. None
  15. None
  16. None
  17. None
  18. None
  19. This is how bypass works and leads to giant problem: I WAS ABLE TO SIGN IN AS THEIR SECURITY MAIL, ABLE TO VIEW ALL BUG REPORTS AND REPLY TOO
  20. Thank you -Aditya Shende
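
A server-side check that closes the sub-domain to domain cookie swap (slide 7) and client-side edits of the 2FA outcome (slides 9 and 12), as an added example that is not from the talk. The token format, the functions `issue`, `authorize` and `tamper_mfa`, and the demo key are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # assumption: per-deployment key, never sent to the client

def _sign(body: bytes) -> str:
    return hmac.new(SECRET, body, hashlib.sha256).hexdigest()

def issue(user: str, host: str, mfa_done: bool, ttl: int = 900) -> str:
    """Mint a session token bound to the issuing host and to the 2FA state."""
    claims = {"sub": user, "aud": host, "mfa": mfa_done, "exp": int(time.time()) + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return body.decode() + "." + _sign(body)

def authorize(token: str, host: str, require_mfa: bool = True) -> tuple[bool, str]:
    """Run on every request by the host serving it; returns (allowed, reason)."""
    try:
        body, sig = token.rsplit(".", 1)
        if not hmac.compare_digest(sig, _sign(body.encode())):
            return False, "bad signature"
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError):
        return False, "malformed token"
    if claims.get("exp", 0) < time.time():
        return False, "expired"
    if claims.get("aud") != host:            # cookie moved between hosts
        return False, "wrong audience"
    if require_mfa and claims.get("mfa") is not True:
        return False, "2FA not completed"    # decided here, not by the client
    return True, "ok"

def tamper_mfa(token: str) -> str:
    """Constructed negative test input: mfa claim edited without the key."""
    body, sig = token.rsplit(".", 1)
    claims = json.loads(base64.urlsafe_b64decode(body))
    claims["mfa"] = True
    forged = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return forged.decode() + "." + sig

if __name__ == "__main__":
    sub_session = issue("alice", "sub.site.com", mfa_done=False)  # constructed sample
    print(authorize(sub_session, "site.com"))
    print(authorize(tamper_mfa(sub_session), "sub.site.com"))
    print(authorize(issue("alice", "site.com", True), "site.com"))
```

Because the cookie's domain can be edited in the browser, cookie scoping alone does not stop the swap; the host that serves the request has to verify that the session was issued for it and that 2FA was completed server-side.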