Let’s Cheat by changing FALSE to TRUE!
Hello H4ck3rs, c0ff33b34n here with a new write-up. In the last write-up we saw a simple DOM-based XSS trick. Today we are going to change some FALSEs to TRUEs!!
Changing False to True??
Yeah, we are going to take a look at something called Response Manipulation. It’s simple, but powerful.
While doing a PT project last week, I found a login page. Login pages are always a nice place to find bugs; the possibilities are infinite 😋.
Let’s hack!!
Register >> Fill details >> Capture request with any random OTP >> Exploit
Exploitation:
Let’s play with the captured request.
Let’s take a look at the request and response.
We can see a false over there.
Let’s modify false to true.
Right click >> Do intercept >> Response to this request >> Modify >> Forward
Boom!! 💥 OTP bypassed
A simple OTP bypass trick. Also check for a rate limit, and if it’s absent, brute force it.
You can try this trick anywhere: sometimes on a status code (status: 200), a privilege flag (isAdmin = “true”), a verification flag (verified: “true”), etc.
Simple as that, any doubts or suggestions?? Message me
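
For whoever has to fix this: editing the response only works when the next step never re-checks the OTP result on the server. The sketch below is an added example, not code from the tested application; it models the weak flow beside a corrected one, and every name in it (`createServer`, `verifyOtp`, `completeWeak`, `completeHardened`, `MAX_ATTEMPTS`) and the sample session id and OTP are assumptions.

```javascript
// Added example: in-memory model of an OTP step. All names are hypothetical.
const MAX_ATTEMPTS = 5; // assumed per-session limit on OTP guesses

function createServer() {
  const sessions = new Map(); // sessionId -> { otp, attempts, verified }
  return {
    // The OTP is passed in (constructed value) to keep the example deterministic.
    startRegistration(id, otp) {
      sessions.set(id, { otp, attempts: 0, verified: false });
    },
    // The JSON boolean returned here is informational; the authoritative
    // result is the `verified` flag kept in server-side session state.
    verifyOtp(id, submitted) {
      const s = sessions.get(id);
      if (!s) return { status: 401, verified: false };
      if (s.verified) return { status: 200, verified: true };
      if (s.attempts >= MAX_ATTEMPTS) return { status: 429, verified: false };
      s.attempts += 1;
      if (typeof submitted === "string" && submitted === s.otp) s.verified = true;
      return { status: s.verified ? 200 : 400, verified: s.verified };
    },
    // Weak: the next step never consults server-side state, so a client that
    // was shown an edited `verified: true` simply carries on.
    completeWeak(id) {
      return sessions.has(id) ? { status: 200, created: true } : { status: 401, created: false };
    },
    // Corrected: the step is refused unless the server itself recorded success.
    completeHardened(id) {
      const s = sessions.get(id);
      if (!s || !s.verified) return { status: 403, created: false };
      return { status: 200, created: true };
    },
  };
}

// Replays the write-up's scenario against both variants.
function demo() {
  const srv = createServer();
  srv.startRegistration("sess-1", "493817"); // constructed session id and OTP
  const real = srv.verifyOtp("sess-1", "000000"); // wrong OTP
  const edited = { ...real, status: 200, verified: true }; // response changed in transit
  return {
    real,
    clientSaw: edited.verified,
    weak: srv.completeWeak("sess-1"),
    hardened: srv.completeHardened("sess-1"),
  };
}
```

The same server-side check applies to the other flags mentioned above: a status code, `isAdmin` or `verified` value in a response should only ever report a decision the server has already stored and will enforce on later requests.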