The time is right. When the OTP is six digits long, it will not prevent the final cut of the exam in case of selection due to a challenge. If the OTP is not released within 60 seconds, the OTP will expire.
So what's the solution? Can you use multiple laptops to do the task?
That will not work for most sites, as (1) the 4-digit (usually 6-digit) code keeps changing, often one-time codes and time-limited, (2) after several failed attempts the account is locked, (3) often a secure app is used, (4) the system alerts the account holder of a login from a new device, (5) behavior checks, to see if it's an automated attack.
thanks for the explanation, so it's very hard to bypass the code🎉, a fee is paid for that code
thanks for the explanation, so it's very hard to bypass the code, or not possible at all🎉, a fee is paid for that code
yes, 50 lei per month
The basic flaw: it assumes the required code does not change. Use an authenticator tool, with 6-digits that change every 30-seconds, with a 3-mistakes-results in a 5-minute cooldown, and you will need a quantum computer to try to break that puppy.
Can I use that to force the 2FA on an Instagram account?
Yes, you can, anywhere, but remember to use it legally
above it says that the code changes every 30 sec, the account owner pays a fee so that the code changes 🎉, either hard or impossible😊
Thanks for the tutorial! Can limiting the max. no. of One-time password (OTP) attempts and/or minimizing the time limit for each OTP entry help to prevent Brute-Force Attack?
Good job Bro, What is the solution when the reaction of the website is different like that "attempts of enter the pin are limited in three time then it lock"?
Very detailed explanation Sir, many thanks
Thanks and welcome!
@@TraceTheCode I tried this sir but it was running for whole night and finally crashed my vm 😂
Sorry to hear that! But it shouldn't take more than a few mins!
@@TraceTheCode are you using it in a VM? Ran it as 1 concurrent connection too but still the same, will Turbo Intruder speed up the process?
yeah, concurrent Request must be 1. Using Turbo Intruder shouldn't make much difference.
Hi dude.
My Facebook account two-factor authentication code didn't come. Any solution pls?
so 0167 was the code or something else?
How I want see an otp send by server
When you log into someone's account does it change their original password?
Will the website request a new otp each time the macro is run?
I guess no, because after a particular single request from the browser the burp suite will virtually handle the request, so for the code which was sent by the original server for that will automate the task using macro.
Could it bypass 2fa ebay ??
Pls I need an answer
could it bypass 2fa paypal bro?
Probably not, because the 2FA code will change after 1 or 2 mins, so I bet you can't find the right code in that time
@@bassxfunky2367 but if luck loves you, you can 😂
@@Ayu_Chandravanshi how ❤
@@Ayu_Chandravanshi only but🎉
I got a very less secure app, which allows unlimited OTP tries .. in 5 mins then we just have to resend the otp is it possible to crack it ?
possible to bypass GOOGLE 2FA with this?
Have you tried it..?
@@jayskipesentertainment4738 forget u can't bypass google 2fa that easy
Why can my macro only add one request
Maybe you forgot to hold the CTRL key while selecting the requests.
how to do this with Android and Windows
So basically this attack works on requesting a new OTP from the server, then trying that OTP and hoping that our combination of generated and payload OTP somehow matches. Isn't this really difficult and completely based on luck? I mean, yeah, we can increase the speed by making our own code in Node.js or some other languages which are very, very fast when it comes to web scraping, but still the odds are very, very high that we will get the code. I am not sure if any website will be willing to pay for this bug. Please correct me if I am wrong 🙏
sir are you sure after 1 year
@@8124K-u4x indeed I was wrong, you will crack the OTP in 3-4 days at max if you find this bug and any company will give you a decent bounty for this bug. Keep learning mate.
@@8124K-u4x yeah I was indeed wrong for a 4-digit code it can be cracked in some hours to a day while a 6-digit code might take some time, but it will eventually be cracked as well and yes any company would pay you a decent bounty for this.
@@studiospan6426 all companies have good security
You are amazing, we support you❤️❤️❤️❤️❤️❤️❤️❤️❤️❤️❤️❤️
Thanks for teaching and giving us the ideal are amazing. I am really happy to be here thanks again 🙏🙌🧐✊
Is Work on My Jio ?
Can you make a video on bypassing an application, not a page?
How can we know the correct one is the first one??
Thanks for such a detailed explanation.
You are welcome!
I can't understand what this is... How can I bypass a Gmail 2FA or WhatsApp code ???
Thank you
well done bro
Does this work for Snapchat Accounts?
Does it work ?
Perfect 👍
Cheers!
Does it work for every 2FA? Like Facebook?
bruh no lmao, huge companies will have high security especially for 2fa.
what about roblox LMAO @@kiiturii
brilliant
do u need premium Burp for this?
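
The defence described in the comments above (a 6-digit code that changes every 30 seconds, with 3 mistakes resulting in a 5-minute cooldown, and the question of whether limiting attempts and validity time helps) can be implemented server-side as below. This is an added example, not part of the original comments or the video; `OtpGuard` and the helper names are hypothetical, and it assumes the failure counter is stored per account so that requesting a new code does not reset it.

```python
import hmac
import secrets

MAX_FAILURES = 3        # mistakes allowed before cooldown (value from the comment)
COOLDOWN_SECONDS = 300  # 5-minute cooldown (value from the comment)
CODE_TTL_SECONDS = 30   # code lifetime (value from the comment)
CODE_SPACE = 10**6      # 6-digit codes

class OtpGuard:
    """Hypothetical verifier; state is keyed by account, not by session or IP."""
    def __init__(self):
        self._state = {}

    def issue(self, account, now):
        prev = self._state.get(account, {})
        code = f"{secrets.randbelow(CODE_SPACE):06d}"
        # Failure count and lock survive re-issue, so asking for a new code
        # does not hand out a fresh attempt budget.
        self._state[account] = {"code": code, "expires": now + CODE_TTL_SECONDS,
                                "failures": prev.get("failures", 0),
                                "locked_until": prev.get("locked_until", 0.0)}
        return code

    def verify(self, account, guess, now):
        s = self._state.get(account)
        if s is None:
            return "no_code"
        if now < s["locked_until"]:
            return "locked"
        if s["code"] is None or now >= s["expires"]:
            return "expired"
        if hmac.compare_digest(s["code"].encode(), guess.encode()):
            s["code"], s["failures"] = None, 0  # single use
            return "ok"
        s["failures"] += 1
        if s["failures"] >= MAX_FAILURES:
            # Burn the code and start the cooldown.
            s["code"], s["failures"] = None, 0
            s["locked_until"] = now + COOLDOWN_SECONDS
        return "rejected"

def guesses_allowed_per_day():
    # One cycle = MAX_FAILURES guesses followed by one cooldown.
    return MAX_FAILURES * (86400 // COOLDOWN_SECONDS)

def residual_daily_risk():
    # Chance that blind guessing hits a fresh random code within 24 hours.
    per_cycle = MAX_FAILURES / CODE_SPACE
    return 1 - (1 - per_cycle) ** (86400 // COOLDOWN_SECONDS)
```

With these values the policy admits 864 guesses per day against a space of one million codes, so the residual risk is small but not zero, which is why the new-device alerts mentioned in the comments still matter.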