Burp Suite User Forum

Create new post

Report bug in Authentication 2FA simple bypass lab

Aqshayan | Last updated: Oct 07, 2023 09:18AM UTC

After entering the username and password on the 'my account' page close the lab tab without entering the 4-Digit security code. Then access the lab again, and go to the 'my account' page LAB SOLVED.

Michelle, PortSwigger Agent | Last updated: Oct 09, 2023 09:47AM UTC

Hi Can you explain the steps you were taking in a bit more detail, please? How closely do the steps you took match the ones described below? At what stage did you perform different steps? - Log in to your own account. Your 2FA verification code will be sent to you by email. Click the Email client button to access your emails. - Go to your account page and make a note of the URL. - Log out of your account. - Log in using the victim's credentials. - When prompted for the verification code, manually change the URL to navigate to /my-account. The lab is solved when the page loads.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.