Bruteforce OTP Bypass

[bx70]

Can anyone bruteforce 6 digit OTP verification for payment ...maybe a script written in python..there is no need for captcha solving.

 

[Salvador_Dali]

Can anyone bruteforce 6 digit OTP verification for payment ...maybe a script written in python..there is no need for captcha solving.

Burp Suite

 

[nescan]

Can anyone bruteforce 6 digit OTP verification for payment ...maybe a script written in python..there is no need for captcha solving.

Can you tell where you found otp without captcha?

 

[givirus]

Burp Suite

How can this be done with Burp Suite?

 

[Salvador_Dali]

How can this be done with Burp Suite?

 

[Respe]

Большинство систем имеют особую безопасность.После определенной попытки вы получаете запрет.В свое время мы напечатали бота для Facebook.Для 6-значного кода сброса.Но после 10 попыток они ограничили нас нашим ip-адресом.

 

[rlz]

You have found out some website which has weak security while verifying OTP? The weakness can be confirmed with Burpsuite Intruder function. Rest Majority of website like banks and all popular service will have limitation check.

 

[pur3bumps]

How can this be done with Burp Suite?

By capturing the request and using Intruder.
But depends:

• If there's CSRF-token/nonce then might need some script to grab it each time
• The number of attempts allowed by the application:

 

[ping101]

thank you

 

[eucl1d]

BURP --> Intruder