Tweet
Tweet

Slide 1

Slide 1 text

MFA and misconfiguration 2FA Bypass

Slide 2

Slide 2 text

WHO AM I ? -PENTRARTION TESTER -BUG BOUNTY HUNTER -ADMIN OF KONG CYBER SECURITES

Slide 3

Slide 3 text

2 FACTOR AUTHENTICATION IS METHOD OF UTILIZING A HANDHELD DEVICE AS AN AUTHENTICATOR FOR ONLINE PORTALS What is 2FA ?

Slide 4

Slide 4 text

SESSION MANAGEMENT Methods to bypass 2FA REQUEST MANIPULATION RESPONSE MANIPULATION

Slide 5

Slide 5 text

No content

Slide 6

Slide 6 text

REQUIREMENTS Chrome browser, Cookie Editor P Sub-domain to domain bypass

Slide 7

Slide 7 text

SITE.COM HAVE 2FA ENABLED BUT NOT VULNERABLE FOR SESSION ISSUE 1. 2. SUB.SITE.COM IS VULNERABLE FOR SESSION ISSUE 3.EXPORT THE COOKIES FOR SUB.SITE.COM AFTER LOGIN 4. IMPORT COOKIES OF SUB.SITE.COM AND 5. CHANGE THE VALUE OF SUB.SITE.COM TO SITE.COM TO ABUSE MAIN DOMAIN

Slide 8

Slide 8 text

Refresh page !!!

Slide 9

Slide 9 text

BURPSUITE & FIREFOX IS YOUR FRIEND Request manipulation CAPTURE REQUEST WHERE WE GET OTP FROM SERVER OBSERVE REQUEST AND MODIFY IT

Slide 10

Slide 10 text

No content

Slide 11

Slide 11 text

No content

Slide 12

Slide 12 text

REGISTER WITH VALID ACCOUNT TO GET VALID RESPONSE , USE ANY TEST ACCOUNT GO TO BURPSUITE> DO INTERCEPT >RESPONSE TO THIS REQUEST COPY OLD RESPONSE WHICH IS VALID WHICH WE GENRATED FOR TEST ACCOUNT Response manipulation to desk hacking (2FA) CAPTURE REQUEST AFTER PUTTING OTP

Slide 13

Slide 13 text

No content

Slide 14

Slide 14 text

No content

Slide 15

Slide 15 text

No content

Slide 16

Slide 16 text

No content

Slide 17

Slide 17 text

No content

Slide 18

Slide 18 text

No content

Slide 19

Slide 19 text

I WAS ABLE TO SIGN IS AS THEIR SECURITY MAIL ABLE TO VIEW ALL BUG REPORTS AND REPLY TOO This is how bypass works and leads to giant problem

Slide 20

Slide 20 text

Thank you -Aditya Shende