How to bypass 2FA?
Hello everyone! I hope you are having a great day. Today, I want to write about what I learned yesterday, and I think the title is very descriptive. I learned a method to bypass Two-Factor Authentication. I learned it from PortSwigger Academy by following the first path, and I highly recommend you have a look at that webpage.
When I decided to start climbing the ladder of bug bounties and cybersecurity, I didn’t know about PortSwigger until I listened to a podcast. The interviewee said that he usually uses PortSwigger labs to practice. If I remember correctly, he was one of the top 100 hackers on HackerOne.
Nowadays, many websites have 2FA, which means that after you log in with your username and password, they will send you a code to your email or phone, or you can use a third-party app like Google Authenticator. In the lab case, they send you an email with the code.
Now let's imagine that we have this URL:
https://somewebpage.com/login
After you insert your username and password, the system will send you a code to your email and redirect you to:
https://somewebpage.com/login2
On this page, you will have to enter the code. After this step, the system will redirect you to:
https://somewebpage.com/dashboard?user-id=guanapi
All these steps are very simple and clear to follow, but the question here is: can we skip https://somewebpage.com/login2 and go straight to the dashboard? The answer is, it is possible, and I will explain what I learned.
On some webpages, once we pass the first login step, the server already treats our session as fully logged in. What this means is that it doesn't matter whether we ever enter the code: the second step is only a page we are redirected to, not a check that is enforced. Of course, if we enter a wrong code, there will be an error, but what happens if we change the URL?
Let’s imagine that we go to:
https://somewebpage.com/login
After entering the correct credentials, the website will redirect us to:
https://somewebpage.com/login2
To skip this step, all we have to do is change the URL to the dashboard URL and press enter:
https://somewebpage.com/dashboard?user-id=guanapi
And voila! We could access the “guanapi” dashboard!
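To show the root cause, here is an added illustration (not the lab's code and not from the original post): a minimal Python model of the two-step login, with the dashboard check as the lab behaves beside a hardened version that only admits a session whose second factor was completed. The user name, password and code are constructed for the demo.

```python
import hmac

# Constructed demo credentials; a real app stores a password hash and
# generates a fresh one-time code for each login attempt.
USERS = {"guanapi": {"password": "correct-horse", "code": "123456"}}


def login(session: dict, username: str, password: str) -> bool:
    """Step one (/login): check the password and start a pending session."""
    user = USERS.get(username)
    if user is None or not hmac.compare_digest(user["password"], password):
        return False
    session.clear()
    session["user"] = username
    session["mfa_verified"] = False  # the hardened check relies on this flag
    return True


def verify_code(session: dict, code: str) -> bool:
    """Step two (/login2): only a correct code completes authentication."""
    user = USERS.get(session.get("user"))
    if user is None or not hmac.compare_digest(user["code"], code):
        return False
    session["mfa_verified"] = True
    return True


def dashboard_vulnerable(session: dict) -> str:
    """/dashboard as in the lab: any session that names a user is let in,
    so requesting this URL straight after /login succeeds."""
    if "user" not in session:
        return "redirect:/login"
    return f"dashboard for {session['user']}"


def dashboard_fixed(session: dict) -> str:
    """/dashboard hardened: the session must also have passed /login2."""
    if "user" not in session:
        return "redirect:/login"
    if not session.get("mfa_verified"):
        return "redirect:/login2"
    return f"dashboard for {session['user']}"
```

The same `mfa_verified` check belongs on every authenticated route, not only the dashboard, otherwise the gap simply moves to another URL.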
I hope I explained how to bypass the 2FA clearly. Keep on learning and hacking!