2FA bypassing for bug bounties

Aditya Shende
September 26, 2020

1. Background concept about 2FA bypass
- With the rise of account takeovers, companies like Google and Facebook have implemented this feature on various sensitive pages where an attacker could read or modify a user's data without the user's consent. This authentication method improves the security posture and provides secure access to users. Using two-factor authentication prevents attackers from compromising your account even if your account credentials are leaked publicly or bypassed.
2. Impact of 2FA bypass
- Ticket system takeover, unauthorized email verification bypass, account
3. Types of 2FA bypass: request and response manipulation
- This requires people who are familiar with Burp Suite and have a bit of a logical mindset.
4. Security misconfiguration
- Session hijacking, subdomain-to-domain bypass, missing and broken links, input validation


Transcript

  1. What is 2FA? Two-factor authentication is a method of utilizing a handheld device as an authenticator for online portals.

  2. 1. site.com has 2FA enabled but is not vulnerable to the session issue
     2. sub.site.com is vulnerable to the session issue
     3. Export the cookies for sub.site.com after login
     4. Import cookies of sub.site.com and
     5. Change the value of sub.site.com to site.com to abuse the main domain

  3. Request manipulation: Burp Suite & Firefox are your friends. Capture the request where we get the OTP from the server. Observe the request and modify it.

  4. Response manipulation to desk hacking (2FA): Register with a valid account to get a valid response; use any test account. Go to Burp Suite > Do intercept > Response to this request. Copy the old response, which is valid, which we generated for the test account. Capture the request after entering the OTP.

  5. This is how bypass works and leads to giant problem: I was able to sign in as their security mail, able to view all bug reports and reply too.
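
The server-side counterpart to the cookie-rescoping and response-manipulation slides above, as an added example that is not part of the original deck: the 2FA result lives in a server-side session bound to the issuing host, so an edited response or a cookie carried over from a sibling host changes nothing. All function names, the in-memory store, the lockout threshold and the sample hosts are assumptions; the OTP is kept in the session only so the demo runs offline.

```python
import hmac
import secrets

SESSIONS = {}   # session id -> state held only on the server (hypothetical in-memory store)
MAX_TRIES = 5   # assumed lockout threshold

def login(host, user):
    """Password step passed: issue a session bound to the issuing host, 2FA pending."""
    sid = secrets.token_urlsafe(32)
    otp = f"{secrets.randbelow(10**6):06d}"   # delivered out of band in a real system
    SESSIONS[sid] = {"user": user, "host": host, "mfa_ok": False, "otp": otp, "tries": 0}
    return sid

def verify_otp(sid, code):
    """Record the 2FA result on the server; the response body is only informational."""
    s = SESSIONS.get(sid)
    if s is None or s["mfa_ok"]:
        return False
    s["tries"] += 1
    if s["tries"] > MAX_TRIES:            # too many guesses: drop the pending session
        del SESSIONS[sid]
        return False
    if hmac.compare_digest(s["otp"], code):
        s["mfa_ok"] = True
    return s["mfa_ok"]

def authorize(host, sid):
    """Gate each protected request on server state and on the host that issued the session."""
    s = SESSIONS.get(sid)
    return bool(s and s["host"] == host and s["mfa_ok"])

def session_cookie(sid):
    """Host-only cookie: the __Host- prefix forbids a Domain attribute."""
    return f"__Host-sid={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"

if __name__ == "__main__":
    sid = login("site.com", "alice")
    print(authorize("site.com", sid))                  # False: OTP step not completed
    verify_otp(sid, SESSIONS[sid]["otp"])
    print(authorize("site.com", sid))                  # True
    sub = login("sub.site.com", "alice")
    verify_otp(sub, SESSIONS[sub]["otp"])
    print(authorize("site.com", sub))                  # False: issued by another host
```

Because `authorize` reads only server state, a client that rewrites the OTP response to a success body still holds a session with `mfa_ok` unset.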