Burp Suite User Forum

Login to post


Jacob | Last updated: Sep 12, 2020 08:40PM UTC

How do i use burp suit to intercept an otp been sent to a phone number or email which I don't have with me. Like in PayPal, Bank, Email verification etc.

Hannah, PortSwigger Agent | Last updated: Sep 14, 2020 08:58AM UTC

Burp intercepts HTTP/HTTPS traffic, so if your OTP has been sent using a different method then it is likely unable to find the OTP. You can proxy mobile devices through Pro, so you may be able to intercept it there. There is an extension in the BApp Store to help with Google authentication. You can find it here: https://portswigger.net/bappstore/fb3685f958f8424493945c6c60c0920c We are currently working on a "recorded login" feature that should provide improvements to authentication processes. You can find out more information on our roadmap: https://portswigger.net/blog/burp-suite-roadmap-update-july-2020

You need to Log in to post a reply. Or register here, for free.