Authentication Bypass [Via Response Manipulation]

Authentication Bypass
Burp Suite Proxy Configuration to Capture Request/Responses
  1. Navigate to the login screen. Enter credentials (a valid email and an invalid password) and click the login button.
Request to Verify Username
Username is Valid so Message flag is TRUE
Authentication Request
Message Flag is FALSE if Credentials are Invalid
Change message flag to TRUE to bypass authentication
Login Successful
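
The bypass above works because the decision to let the user in is taken from a response field that can be edited in transit. The following added example (not code from the original article or the tested application) models that flaw next to a gate that relies only on server-side session state. The account, the field names `message` and `token`, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample account; salt and password are illustrative only.
_SALT = b"constructed-salt"
USERS = {"user@example.test":
         hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, 100_000)}
SESSIONS = {}  # token -> email, kept only on the server


def login(email, password):
    """Server-side login: returns the response body sent to the client."""
    stored = USERS.get(email)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)
    ok = stored is not None and hmac.compare_digest(stored, candidate)
    body = {"message": ok}
    if ok:
        # A session exists only when the server itself verified the password.
        token = secrets.token_urlsafe(32)
        SESSIONS[token] = email
        body["token"] = token
    return body


def tamper(body):
    """Models the edit from the article: message flag changed to TRUE."""
    return {**body, "message": True}


def gate_trusting_flag(client_view):
    # Weak: access follows whatever flag the client received.
    return 200 if client_view.get("message") else 401


def gate_checking_session(client_view):
    # Hardened: the flag is ignored; only a token the server issued counts.
    return 200 if client_view.get("token") in SESSIONS else 401


if __name__ == "__main__":
    forged = tamper(login("user@example.test", "wrong-password"))
    print("flag-trusting gate:", gate_trusting_flag(forged))
    print("session-checking gate:", gate_checking_session(forged))
```

Every protected endpoint needs the session check, not just the page that follows login, since the edited response never creates a session on the server.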


Works @t @pple. Ethical Hacker, Vulnerability Assessment and Penetration Tester, Bug Hunter, Security Researcher, Optimistic, Philanthropist.

Mohammad Mohsin
