Create OTP Bypass

Author: Akshaykerkar

Authentication_Bypass/OTP Bypass

@@ -0,0 +1,19 @@
+OTP Bypass on Register account via Response manipulation
+
+Steps:-
+1.Register account with mobile number and request for OTP.
+2.Enter incorrect OTP and capture the request in Burpsuite.
+3.Do intercept response to this request and forward the request.
+4.response will be 
+
+{"verificationStatus":false,"mobile":9072346577","profileId":"84673832"}
+
+5.Change this response to
+
+{"verificationStatus":true,"mobile":9072346577","profileId":"84673832"}
+
+6.And forward the response.
+7.You will be logged in to the account.
+
+
+Impact: Account Takeover