Response Manipulation leads to Account Takeover

This is a short story about a recent bug I found while hunting on a private bug bounty program. The program relies mainly on a one-time password (OTP) step to authenticate users. This post walks through how I bypassed that OTP check using response manipulation: tampering with the server's verification response on its way back to the client. So, let's begin.
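The walkthrough itself is not reproduced on this page, so the following is an added example, not the author's code and not anything from the target program. It is a constructed, in-memory model of the bug class in Python: a session that has passed the password step, an OTP verification endpoint, an intercepting proxy that rewrites `fail` to `success`, and two versions of the protected endpoint behind it. The user `alice`, the code `482913`, the endpoint functions and the `otp_verified` session field are all hypothetical. The point it shows is that flipping the verdict in the response only pays off when the server lets the client's UI, rather than its own session state, decide who has passed the OTP step.

```python
"""Added example: response manipulation against an OTP step (constructed model).

All names, values and endpoints below are hypothetical; nothing here is the
original post's code or the private program's implementation.
"""
import hmac
import secrets

# Constructed server-side state: a user who has completed the password step
# and must now enter a one-time code before reaching account data.
USERS = {"alice": {"otp": "482913", "profile": {"email": "alice@example.com"}}}
SESSIONS = {}  # session_id -> {"user": ..., "otp_verified": bool}


def start_session(user):
    """Password step is assumed done; issue a session that still needs OTP."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user": user, "otp_verified": False}
    return sid


def verify_otp(sid, otp):
    """Server endpoint: compares the code (constant time) and records the
    outcome in the session. The JSON body is only a verdict for the UI."""
    sess = SESSIONS[sid]
    ok = hmac.compare_digest(otp, USERS[sess["user"]]["otp"])
    if ok:
        sess["otp_verified"] = True
    return {"status": "success" if ok else "fail"}


def get_profile_vulnerable(sid):
    """Protected endpoint, vulnerable variant: it assumes the client only
    navigates here after seeing "success", so it never checks otp_verified."""
    sess = SESSIONS.get(sid)
    if sess is None:
        return {"error": "unauthenticated"}
    return USERS[sess["user"]]["profile"]


def get_profile_hardened(sid):
    """Protected endpoint, fixed variant: the server's own record of the OTP
    outcome gates access, so a tampered response body changes nothing."""
    sess = SESSIONS.get(sid)
    if sess is None or not sess["otp_verified"]:
        return {"error": "otp_required"}
    return USERS[sess["user"]]["profile"]


def intercepting_proxy(response):
    """Attacker's proxy match-and-replace rule on the verification response."""
    if response.get("status") == "fail":
        return {"status": "success"}
    return response


def client_flow(sid, otp_guess, get_profile, proxy=None):
    """Browser-side logic: submit the code, act on the (possibly tampered)
    verdict, and fetch the profile if the UI believes the code was accepted."""
    resp = verify_otp(sid, otp_guess)
    if proxy is not None:
        resp = proxy(resp)
    if resp["status"] != "success":
        return {"error": "ui_blocked"}
    return get_profile(sid)


def takeover_succeeds(get_profile, otp_guess="000000"):
    """True if an attacker who does not know the code still reaches the profile."""
    sid = start_session("alice")
    result = client_flow(sid, otp_guess, get_profile, proxy=intercepting_proxy)
    return "email" in result


if __name__ == "__main__":
    print("vulnerable endpoint, flipped response:", takeover_succeeds(get_profile_vulnerable))
    print("hardened endpoint, flipped response:  ", takeover_succeeds(get_profile_hardened))
```

When testing a real target, the check is the same as in the model: flip the verdict in the proxy and then request the post-OTP resource directly. If it comes back with data, the OTP step is being enforced only in the client, and the fix belongs on the server, in the session or token that the protected endpoints actually inspect.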
