So, I visited this website xyz.com, entered my number and hit login. Intentionally, I entered a wrong OTP and intercepted the request using Burp Suite.
In the response:
{"message":"OTP mismatch!","code":400,"success":0}
I tried this lame method of modifying values, which sometimes works on websites that don't check integrity. So, I modified this to
{"message":"OTP match!","code":200,"success":1}
This did not work and I kept thinking about what to do next. Then I thought, let's provide a valid OTP and see what is returned. So I entered my number again and repeated the steps above, but this time with a valid OTP. Once the OTP was verified, the server responded with a token and a link.
{"data":{"nextLink":"set_password","token":"drc6GpqryeAMIR2qngxLLt2TESTUeZWSamplewxZhDgs="},"message":"OTP successfully verified!","code":200,"token":"drc6GpqryeAMIR2qngxLLt2TESTUeZWSamplewxZhDgs=","nextLink":"set_password","success":1}
Obviously, this is just a sample token, not the original. I sent this token to the decoder to find out what was stored in it. Decoded it as base64 and found that some random data is stored in the token that does not differ between different users. I entered another number again, gave a wrong OTP and intercepted the request. As expected, I got a 400 response, but this time I replaced the response with the same response I had received after providing a valid OTP. Then I forwarded the request and the OTP was successfully bypassed. This bug was in a govt website, so without further exploitation, I reported it to NCIIPC.
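What the set_password step would need to check on the server so that a pasted-in success response gains nothing, as an added example (not code from the site or from the original write-up). The function names, the key handling, the 300-second lifetime and the phone numbers in the test are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Assumption: a server-side secret; generated per process for this demo.
SERVER_KEY = secrets.token_bytes(32)
TOKEN_TTL = 300  # seconds a verified-OTP token stays valid (assumed value)


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def issue_token(phone: str, now=None) -> str:
    """Called only after the server itself has verified the OTP for `phone`."""
    now = time.time() if now is None else now
    body = json.dumps({"phone": phone, "exp": int(now + TOKEN_TTL)},
                      sort_keys=True).encode()
    tag = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(tag)


def check_token(token: str, phone: str, now=None) -> bool:
    """Server-side gate for set_password: the decision never depends on
    what the client was shown, only on a token the server can re-verify."""
    now = time.time() if now is None else now
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # wrong shape or bad base64 (binascii.Error is a ValueError)
        return False
    expected = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False  # forged or modified token
    claims = json.loads(body)  # safe to parse: integrity already checked
    # Bound to one number and short-lived, so a token (or whole response)
    # captured for one account is useless for another.
    return claims["phone"] == phone and claims["exp"] > now
```

With a token bound to the verified number like this, the static value described above, identical across users, would be rejected at the password-setting step no matter what response the browser received.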
I hope you enjoyed reading this. This is my first write-up and I will definitely try to come up with more.
Thanks, mr - ABBALO MBC KING MUBISON TV