

This kind of security technique can be implemented, and it will help curb a huge number of security issues. A prevention method for such brute-force attacks could be a check that disallows more than 3–5 attempts, or the OTP should no longer be valid after 5 or so wrong attempts.
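The check described above, as an added example that is not code from the original post: each OTP is single-use, expires, and is discarded after five wrong guesses, so even the correct code is rejected once the cap is hit. The `OtpStore` class, the in-memory dictionary and the 300-second lifetime are assumptions made for illustration.

```python
import hmac
import secrets
import time

MAX_WRONG_ATTEMPTS = 5   # the cap suggested in the text above
OTP_TTL_SECONDS = 300    # assumed lifetime; the post does not state one


class OtpStore:
    """In-memory OTP challenges keyed by phone number (hypothetical helper)."""

    def __init__(self, now=time.time):
        self._now = now          # injectable clock so expiry can be tested
        self._challenges = {}    # phone -> {"code", "expires", "wrong"}

    def issue(self, phone):
        """Create a fresh 6-digit OTP; any previous one for this phone is replaced."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._challenges[phone] = {
            "code": code,
            "expires": self._now() + OTP_TTL_SECONDS,
            "wrong": 0,
        }
        return code  # goes to the SMS gateway only, never back to the client

    def verify(self, phone, submitted):
        """Return 'ok', 'wrong', 'locked', 'expired' or 'no_active_otp'."""
        ch = self._challenges.get(phone)
        if ch is None:
            return "no_active_otp"
        if self._now() > ch["expires"]:
            del self._challenges[phone]
            return "expired"
        # Constant-time comparison on bytes, so odd input cannot raise.
        if hmac.compare_digest(ch["code"].encode(), str(submitted).encode()):
            del self._challenges[phone]  # single use
            return "ok"
        ch["wrong"] += 1
        if ch["wrong"] >= MAX_WRONG_ATTEMPTS:
            # Invalidate the OTP itself: further guesses have nothing to hit.
            del self._challenges[phone]
            return "locked"
        return "wrong"
```

The counter lives on the server next to the OTP, so changing client-side state does not reset it. Because `issue` starts a new counter, the number of OTPs requested per phone number needs its own limit as well.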

This is one of the biggest mistakes that I have encountered in my time carrying out pen-testing, where we never check the number of times the OTP is entered, or the number of times passwords are entered, etc. Burp Suite was able to detect which one was the correct OTP. I guess I was in luck when the brute attack worked. Now as I was done with it, I received an OTP on my phone instantly to verify and complete the process of creating the account. I inserted all the details as they should be. Once done, I carried it out again for another number that I own, but this time the whole idea was to create the account without having to touch, in any way, the phone in which the SIM was inserted. While I was doing that I took notice of how the website worked.
So to understand how to create a profile and how the system of OTP works on that particular website I went ahead and created my account.
How I could have booked movie tickets through other user accounts by Bharathvaj Ganesan

After reading this I realised that I had always tried different ways to try and bypass the login credentials but never those which had an OTP verification process. It’s been so long since I posted any article, partially because I was tired and taking a pleasant summer break.

How I bypassed the OTP verification process? Part - 1
