2FA ByPass Method | 13 Идей для обхода 2FA

[dxcpw]

Увидел в одном канале этот PDF-документ, прошелся быстро глазами, подробных инструкций, конечно, нет, но всё таки есть над чем подумать и куда копать по обходу 2FA в вашей конторе.

В документе предложены и кратко рассказаны 13 методов реализации обхода 2FA.

Возможно, будет полезно для изучения!)

36.1 KB file on MEGA

mega.nz

Если маник был на форуме, можете удалить тему.

 

[artur79]

Возможно

 

[KinTeySer]

Интересно

 

[ringlight]

Dont have enough post to check but sure it will be interest to see 2fa bypass method because many target these day have some second authentication.

 

[ski]

1.Response manipulation
1) Enter correct OTP
2) Intercept response
3) Enter wrong OTP
4) Intercept response and chaneg it with correct response
2.Status Code Manipulation If Status Code is 4xx Try to change it to 200 OK and see if it bypass restrictions

3.Direct bypass

 

[ski]

bypassing 2fa have lots of techniques but this are basics and why you put reactions for it idk. Because everything is already public nothing new into this pdf

 

[RedNode]

1.Response manipulation
1) Enter correct OTP
2) Intercept response
3) Enter wrong OTP
4) Intercept response and chaneg it with correct response
2.Status Code Manipulation If Status Code is 4xx Try to change it to 200 OK and see if it bypass restrictions

3.Direct bypass

This method can work with some targets if do it correctly with burpsuit but 100% not paypal or banking website

 

[torbee]

Awesome

 

[Homeaway]

Good