8 Awesome 2FA Bypass Techniques 🗝️
1. Access Next Endpoint Directly
- Just try to access the next endpoint directly (you need to know the path of the next endpoint)
- If this doesn't work, try to change the Referrer header as if you came from the 2FA page.
2. Sharing Unused Code
- Check if you can get for your account a token and try to use it to bypass the 2FA in a different account.
3. Leaked Code
- Is the token leaked on a response from the web application?
4. Password Reset Function
- In almost all web applications the password reset function automatically logs the user into the application after the reset procedure is completed.
5. Reuse 2FA Code
- Also, try requesting multiple 2FA codes and see if previously requested Codes expire or not when a new code is requested
6. Brute Force
- There is any limit in the amount of codes that you can try, so you can just brute force it.
7. Response Manipulation
- Change failed response to success response
- Change failed status code to success status code
8. Rate Limit Bypass
- Using Similar Endpoints:
/sign-up --> /Sign-up - Blank char in params:
code=1234%0a - Change Origin IP using header:
X-Forwarded-For: 127.0.0.1 - Add extra params:
/resetpwd?someparam=1</br>
Credit
Based on hacktricks's web page.
Based on hacktricks's web page.