# OTP bypasses

<div data-full-width="false"><figure><img src="/files/vjF6GzmZooPrS2kk1CEw" alt=""><figcaption><p>OTP</p></figcaption></figure></div>

## What is a One-Time Password (OTP)?

An OTP or One-Time Password is a unique, randomly generated numeric or alphanumeric code that is used for authentication purposes. It is typically used as an additional security measure to verify the identity of a user when logging into an account or making a transaction. OTPs are designed to be used only once and become invalid after a certain period, usually within a few minutes.

## What are OTP Bypasses?

Pentesters and bug hunters, while testing apps that require an OTP, sometimes run into cases where the OTP needs a phone number from a specific country, or where SMS delivery doesn't work (or works fine, but we still want to test whether the check can be bypassed).

## OTP Verification Bypass Via Response Manipulation

One of the most common techniques in this situation is Response Manipulation; I described it [HERE](https://0xkourama.gitbook.io/blog/vulnerabilities-and-techniques/response-manipulation-technique-and-how-burp-suite-works).

While testing, I had one account that didn't need OTP verification because its phone number was already verified.

I then decided to create a new account so I could test the OTP function properly.

Now I had two accounts:

1. Verified account
2. Non-verified account

When logging in with the verified account, no OTP is required because the number is already verified.

The non-verified account, however, needs an OTP, and SMS wasn't working. While logging in with the verified account, I noticed in the response body the parameters that indicate mobile number verification:

Response for the verified account

```json
"hasRequest":true,
"mobileVerified":true,
"roles":[
],
```

When logging in with the non-verified account's credentials, the response doesn't include these parameters. So we intercept the response and add these parameters to its JSON body before the client redirects to the OTP endpoint; the client then treats the account as verified and grants access without any OTP verification.

Request for the non-verified account

{% code title="" lineNumbers="true" %}

```json
{
    "username":"Kourama",
    "Password":"P@$$w0rd"
}
```

{% endcode %}

Response for the non-verified account, after adding the parameters in the intercepted body

{% code lineNumbers="true" %}

```json
{
    /*
    ...original fields of the response body...
    */
    "hasRequest":true,
    "mobileVerified":true,
    "roles":[
    ],
    /*
    ...remaining original fields...
    */
}
```

{% endcode %}

After adding these parameters to the response I could access the account without any OTP verification, but I had to repeat the bypass every time I logged in, because the verification state was never actually recorded on the server.
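The bypass works because the client decides from flags in the login response whether to show the OTP screen, while the server never records that the OTP step happened. The following added example (written for this edit, not code from the post or from the tested app) models both sides in memory: a client-gated flow that is fooled by the modified response, and a server-gated check that ignores client-visible flags and consults its own session state. The field names `mobileVerified`, `hasRequest` and `roles` come from the post; the usernames, passwords, the fixed OTP value and the session store are constructed assumptions.

```python
"""Added example: client-gated vs. server-gated OTP verification.

Constructed in-memory model; not the code of the application in the post.
Field names "hasRequest", "mobileVerified" and "roles" are from the post,
everything else (users, passwords, the fixed OTP "123456") is assumed.
"""
import hmac
import secrets

# Constructed user store: one account with a verified number, one without.
USERS = {
    "verified_user":   {"password": "pw-a", "mobileVerified": True},
    "unverified_user": {"password": "pw-b", "mobileVerified": False},
}

# Server-side session state, keyed by token. The flag that gates access
# lives here and is never derived from anything the client sends back.
SESSIONS = {}


def login(username, password):
    """Password check. Returns the JSON-like body the client receives."""
    user = USERS.get(username)
    if user is None or not hmac.compare_digest(user["password"], password):
        return {"error": "invalid credentials"}
    token = secrets.token_hex(16)
    # Record on the server whether this session still owes an OTP step.
    SESSIONS[token] = {"user": username, "otp_done": user["mobileVerified"]}
    body = {"token": token}
    if user["mobileVerified"]:
        body["hasRequest"] = True
        body["mobileVerified"] = True
        body["roles"] = []
    return body


def client_next_step_vulnerable(response):
    """Client-gated flow as in the post: the client routes to the dashboard
    or the OTP screen purely from flags in the response body."""
    if response.get("mobileVerified") is True:
        return "dashboard"
    return "otp_screen"


def tamper(response):
    """Model of the interception step described in the post: the flags
    from the verified account's response are added to this response."""
    forged = dict(response)
    forged["hasRequest"] = True
    forged["mobileVerified"] = True
    forged["roles"] = []
    return forged


def verify_otp(token, code):
    """Marks the session verified only when the server accepts the code.
    The OTP is fixed to the constructed value "123456" in this model."""
    session = SESSIONS.get(token)
    if session is None:
        return False
    if hmac.compare_digest(code, "123456"):
        session["otp_done"] = True
        return True
    return False


def protected_resource(token):
    """Server-gated check: authorization consults only SESSIONS, so a
    modified login response changes nothing about what the server allows."""
    session = SESSIONS.get(token)
    if session is None or not session["otp_done"]:
        return "403 OTP required"
    return "200 welcome " + session["user"]


if __name__ == "__main__":
    r = login("unverified_user", "pw-b")
    print("client routes to:", client_next_step_vulnerable(r))
    f = tamper(r)
    print("after tampering, client routes to:", client_next_step_vulnerable(f))
    print("server says:", protected_resource(f["token"]))
    verify_otp(f["token"], "123456")
    print("after real OTP, server says:", protected_resource(f["token"]))
```

Running the block shows the two outcomes side by side: the tampered response sends the vulnerable client straight to the dashboard, but `protected_resource` still answers `403 OTP required` until `verify_otp` has marked the session on the server. The fix for the app in the post is the same split: treat the login response as a hint for the UI only, and have every protected endpoint check server-held verification state.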
