Vulnerable OTP Application created using PHP & Google OTP
These instructions will get you a copy of the project up and running on your local machine for development and testing purposes.
What things you need to install the application onto.
1. Web Server (Apache recommended)
2. PHP 7 and above
3. Mysql or MariaDB
A step by step series of examples that tell you have to get the application running
After installing Apache, PHP 7 and MariaDB, which I think that you know how to install, or else google about it.
Setting up Application database.
Run SQL File vuln_otp.sql against MariaDB to create necessary Database, Table and Columns
Adding Database details to application
Edit config > db_connection.php and details of Database connections details (Hostname, Username, Password, Database Name)
Open the Application in browser and have fun.
You can use Burp suite or Browser web developer mode to bypass OTP login. Remember to Register a test user before Bypassing it, and use Google Authenticator for OTP
Skip installation and setup and use the mention link hosted for testing OTP Bypass
TEST USER CREATED on APPLICATION for testing, or create new user if you want
USERNAME: test
EMAIL: test@test.com
PASSWORD: P@ssw0rd
SCAN the below use Google Authenticator for OTP generation and login and bypass GOOGLE OTP QR
DO NOT CRASH THE SEVER OR APPLICATION. PLAY SAFE.
- Mohammed Danish amber - Initial work - Mohammed Danish Amber
This project is licensed under the GNU General Public License v3.0 - see the LICENSE file for details
- Hat tip to anyone who's code was used
- Inspiration
- etc