Chand Singh
2 min read · Sep 4, 2023

Bypassing 2FA with CSRF Token

In my time as a security researcher and professional, I’ve come across some clever ways to bypass 2-Factor Authentication (2FA). What’s interesting is that we can pull this off with a simple CSRF token, and not many people seem to be talking about it. I’ll keep this blog post short and sweet, so you can get right to the bypass technique.

Source: https://apexvicky.medium.com/2fa-bypass-techniques-dcdb19d29f11

How to Bypass it?

Step 1: Enable 2FA and Log Out

Start by turning on 2FA in the application and then log out if you’re logged in.

Step 2: Log Back In

When you log in again, you’ll notice that the 2FA step seems protected against every attack. You might have tried the usual tricks like messing with direct links, trying brute force attacks, reusing old tokens, or exploiting tokens from the response. None of it works, and it seems like you’re stuck.

Step 3: CSRF Token Trick

Now, here’s where the trick comes in. During your failed attempts, you got a CSRF token (by entering a wrong code in the 2FA field). This token is all we need because the application already accepts it as valid for your account. With this CSRF token, you can now do things inside the app without triggering 2FA challenges.

The cool part? You can switch off 2FA, change your 2FA settings, or play around with sensitive stuff, all without 2FA getting in your way. It’s a clever way to get in. Just make the POST request using the CSRF token and check the response.

In this technique, we’ll be using a POST request, which is a way to send a small piece of information to the application’s server.
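Seen from the server side, the behaviour above matches a handler that authorizes a sensitive action on CSRF token validity alone. The following is an added example, not code from the original post or from any specific application: it assumes a constructed session model (`password_ok`, `mfa_ok`, `csrf_token`, all hypothetical names) and puts the flawed check beside a hardened one that requires completed 2FA and rotates the CSRF token when 2FA succeeds.

```python
import hmac
import secrets

class Session:
    """Constructed session model: password step and 2FA step tracked separately."""
    def __init__(self):
        self.password_ok = False
        self.mfa_ok = False
        self.csrf_token = secrets.token_urlsafe(32)

    def rotate_csrf(self):
        self.csrf_token = secrets.token_urlsafe(32)

def submit_2fa(session, code, expected_code):
    """2FA step; on success, rotate the CSRF token so pre-2FA tokens stop working."""
    if not session.password_ok:
        return False
    if hmac.compare_digest(code, expected_code):
        session.mfa_ok = True
        session.rotate_csrf()
        return True
    return False

def csrf_valid(session, token):
    return hmac.compare_digest(token, session.csrf_token)

def disable_2fa_weak(session, token):
    """Flawed check: a valid CSRF token alone authorizes the action."""
    return csrf_valid(session, token)

def disable_2fa_hardened(session, token):
    """Requires a fully authenticated session in addition to a valid CSRF token."""
    return session.password_ok and session.mfa_ok and csrf_valid(session, token)

def demo():
    s = Session()
    s.password_ok = True               # password accepted, 2FA still pending
    pre_2fa_token = s.csrf_token       # token issued with the 2FA page
    submit_2fa(s, "000000", "123456")  # wrong code (constructed values)
    weak = disable_2fa_weak(s, pre_2fa_token)             # accepted: the flaw
    hard_before = disable_2fa_hardened(s, pre_2fa_token)  # rejected: 2FA pending
    submit_2fa(s, "123456", "123456")  # correct code completes login
    hard_stale = disable_2fa_hardened(s, pre_2fa_token)   # rejected: token rotated
    hard_fresh = disable_2fa_hardened(s, s.csrf_token)    # accepted
    return weak, hard_before, hard_stale, hard_fresh
```

When testing your own application, the check to look for is whether every state-changing endpoint verifies the session's 2FA status itself, instead of inferring it from the presence of a valid CSRF token.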

I hope you found it interesting. I’ll be sharing more exciting content in the upcoming weeks, so stay tuned!