Vulnerable-OTP-Application
Vulnerable-OTP-Application copied to clipboard
Vulnerable OTP/2FA Application written in PHP using Google Authenticator
Vulnerable OTP Application
Vulnerable OTP Application created using PHP & Google OTP
Getting Started
These instructions will get you a copy of the project up and running on your local machine for development and testing purposes.
Prerequisites
What things you need to install the application onto.
1. Web Server (Apache recommended)
2. PHP 7 and above
3. Mysql or MariaDB
Installing
A step by step series of examples that tell you have to get the application running
After installing Apache, PHP 7 and MariaDB, which I think that you know how to install, or else google about it.
Setting up Application database.
Run SQL File vuln_otp.sql against MariaDB to create necessary Database, Table and Columns
Adding Database details to application
Edit config > db_connection.php and details of Database connections details (Hostname, Username, Password, Database Name)
Open the Application in browser and have fun.
Running the tests
You can use Burp suite or Browser web developer mode to bypass OTP login. Remember to Register a test user before Bypassing it, and use Google Authenticator for OTP
Application available ONLINE
Skip installation and setup and use the mention link hosted for testing OTP Bypass
TEST USER CREATED on APPLICATION for testing, or create new user if you want
USERNAME: test
EMAIL: [email protected]
PASSWORD: P@ssw0rd
SCAN the below use Google Authenticator for OTP generation and login and bypass GOOGLE OTP QR
DO NOT CRASH THE SEVER OR APPLICATION. PLAY SAFE.
Authors
- Mohammed Danish amber - Initial work - Mohammed Danish Amber
License
This project is licensed under the GNU General Public License v3.0 - see the LICENSE file for details
Acknowledgments
- Hat tip to anyone who's code was used
- Inspiration
- etc