Account Takeover via Response Overwrite Method with video PoC

Jenish Panchal
2 min read · Sep 4, 2022

Hello Everyone !!

Hope you all are doing well.

Today in this blog we will learn about account takeover via the response overwrite method.

Note: There are 3 ways to take over an account if the web application verifies the user via OTP.

1: OTP Brute Force

2: Response Manipulation

3: Response Overwrite Method

I have already posted the OTP brute force and response manipulation blogs; you can check them out if you haven’t read them yet.

As you can see, the web application verifies the user via OTP.

Replication Steps:

1: Use your own number and get the OTP.

2: Enter the correct OTP and intercept the request.

3: Once you get the request that carries the OTP, right-click and navigate to “Response to this request”.

4: Copy the response and drop the request.

5: Paste that response in Notepad.

Now that you have the valid response, it’s time to take over the victim’s account.

Replication Steps:

1: Enter the victim’s mobile number.

Now you don’t know the valid OTP.

2: Enter a random OTP (e.g. 1111) and intercept the request.

3: Once you get the request that carries the OTP, right-click on the request and navigate to “Response to this request”.

You have entered the wrong OTP, so you will get “400 Bad Request”.

4: Replace that response with your valid response (the one you pasted in Notepad) and change the number if needed.

5: Forward the request and BOOM, you will be logged in to the victim’s account.
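The attack works only because the application treats the verification response as the source of truth for login: the client carries a “verified” flag (and the phone number) forward, and the server honours it. Below is an added example, not the blog’s or any application’s code, contrasting that pattern with a server that keeps verification state on its own side. All names, the `OTP_STORE` contents and the token format are constructed for the illustration.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Constructed sample: the OTP the server last sent to each phone (stands in for the SMS step).
OTP_STORE = {"+10000000001": "483920"}


def vulnerable_complete_login(phone: str, client_state: dict) -> Optional[str]:
    """Trusts the client's claim that OTP verification succeeded.
    The verify step's response ({"phone": ..., "verified": true}) is echoed
    back by the client, so whoever can overwrite that response in a proxy
    can finish login for any phone number."""
    if client_state.get("verified") and client_state.get("phone") == phone:
        return "session-for-" + phone
    return None


class HardenedOtpService:
    """Verification state lives server-side: a signed, short-lived,
    single-use token bound to the phone whose OTP was actually checked."""

    def __init__(self, ttl_seconds: int = 120):
        self._key = secrets.token_bytes(32)   # per-deployment secret, never sent to clients
        self._ttl = ttl_seconds
        self._used = set()                    # replay protection for issued tokens

    def verify_otp(self, phone: str, otp: str) -> Optional[str]:
        # Constant-time compare; only a correct OTP yields a token, and the
        # token names the phone it was issued for.
        if not hmac.compare_digest(OTP_STORE.get(phone, ""), otp):
            return None
        nonce, exp = secrets.token_hex(8), int(time.time()) + self._ttl
        msg = f"{phone}|{nonce}|{exp}"
        sig = hmac.new(self._key, msg.encode(), hashlib.sha256).hexdigest()
        return f"{msg}|{sig}"

    def complete_login(self, phone: str, token: str) -> Optional[str]:
        try:
            t_phone, nonce, exp, sig = token.split("|")
        except ValueError:
            return None
        msg = f"{t_phone}|{nonce}|{exp}".encode()
        expected = hmac.new(self._key, msg, hashlib.sha256).hexdigest()
        # Reject a bad signature (edited phone), a token copied from another
        # account (phone mismatch), an expired token, or a replayed one.
        if (not hmac.compare_digest(expected, sig) or t_phone != phone
                or int(exp) < time.time() or token in self._used):
            return None
        self._used.add(token)
        return "session-for-" + phone
```

With this design, a captured success response from the attacker’s own number is useless against the victim: the token is bound to the attacker’s phone, any edit to it breaks the signature, and it cannot be replayed.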

Watch the video PoC for a better understanding.

Video PoC: Account takeover via response overwrite method

Thank you guys for reading my blog. If you like my content, do subscribe to my blogs and follow me on LinkedIn.

https://www.linkedin.com/in/jenish-panchal-a82802218/


Jenish Panchal

I am Jenish Panchal, a Security Analyst and Bug Bounty hunter with 1 year of relevant experience in the bug bounty and security analyst field.