DEV Community

Joel Murphy
Bypassing OTP systems

Hi guys, I came across the following blog post on Medium describing a method of bypassing OTP:

https://systemweakness.com/bypassing-otp-verification-797851057e79

I want to prevent this in my applications, but the article doesn't actually say which tool is used to perform the modified header attack.

Does anyone know how this is achieved? I know about HTTP catcher tools but am not aware of a tool that can successfully modify the request. Can anyone shine some light on this, as I see this as a serious security flaw that needs attention?

Thank you
