Two Factor Authentication ! [2FA]
Two Factor Authentication !
What is 2FA 🤔 ?
Let's get started , 2FA stands for 2-factor authentication. It is used as an additional layer of security for user accounts. This simply means there will be two factors for you to authenticate into your account. One is simply your credentials, and if due to some case they are compromised the additional layer(second authentication) can protect your account from getting takeover.
This can be of many forms like ;
1:)
Sending verification code to email.
2:)
Sending OTP to email or mobile number.
3:)
Third-party app-generated codes.
4:)
Verification through QR codes.
5:)
SMS verification.
This provides an extra layer of security for user accounts. Even if your credentials got exposed, your account can still be safe if you have your 2FA turned on. But what if this 2FA is also vulnerable. Then your account is not safe even if you have your 2FA turned on. So this vulnerability is a serious one and can be used to take over other accounts without even letting the user know what is happening with their account.
How to check for 2FA bypass ?
There are many ways to bypass 2FA, but let us learn how to bypass 2FA using some of the techniques which are easy and yet effective.
Method 1 (OTP Bypass)
A:)
Sign up for an account.
B:)
Enable 2FA in settings.
C:)
Logout from your account.
D:)
Log in again using your credentials.
E:)
Switch on your proxy(BURP) and have your intercept on.
F:)
Now when it asks for your OTP, enter the wrong OTP and send the request.
G:)
Depending on how the OTP parameter is handled we can move forward in many ways.
H:)
Get into your burp and see how the OTP parameter is being sent.
i) If there is a message at the end showing the response as 1(for success) or 0(for failure), try changing the number and see if you can bypass it.
ii) If there is a message such as SUCCESS or FAILURE, then try changing the terms and see if you can bypass it.
iii) Check how the OTP is generated, if it is giving you sequential numbers for every OTP you request then try the next number for your next login.
iv) Try brute-forcing the OTP parameter (this can be chained to Rate Limiting, check out my previous articles to know more about rate limiting).
v) Try removing the OTP parameter completely from the request and forward it and see if you can bypass it.
Try changing {email:’abc@abc.abc’, OTP:’123456’} into {email:’abc@abc.abc’}
vi) Try giving NULL or BLANK value in the place of the OTP, and see if you can bypass.
Try changing {OTP:’123456’} into {OTP:”}
Try changing {OTP:’123456’} into {OTP:’null’}
Other Methods :
i) Try for Boolean values like TRUE in place of FALSE, where ever you can find them.
Try changing {success:’false’} into {success:’true’}
Try changing {valid:’false’} into {valid:’true’}
Try changing {OTP:’23243′} into {OTP:’true’}
ii) Try changing the response code from 4xx to 200 and check it.
iii) Change the password of the account and see if the password is being changed without asking for 2FA. If so then it is vulnerable.
So ,these are some of the ways you can use to bypass 2FA.
Image: 2FA Bypass (X-mindmap)
(via:@harsha bothra).
Fig 2:) Find a bug in 2FA
(Via: twitter, Maniesh.Neupane)
Reference:
Contact us ;
Twitter
Instagram:
Thank you !
Thank
ReplyDeleteinteresting, I can still use burp suit community version right?
ReplyDelete