how to bypass 2fa - all websites
So bypassing 2fa is crucial to be a good pentester, What is the point of having a login if you cant even login. The method we use is a discord webhook. So for example, When you have the phishing website lets say we try to emulate instagram.com
We first setup the login, Instantly when the target has entered their credentials they will be sent to the discord webhook and to your discord server, Now you quickly go to the real instagram.com and enter their information and make a login. Now you will be prompted to write the code you got on text message.
Now for the victim, When they pressed login a fake 2fa window appeared that says please write your 6 digit code. Now they will think this is real cause they actually got the 2fa message. But it was us who actually initialized it. Now when they write the 6 digit code on the fake popup we get the code on our discord server. We write it in instagram and we got the succesefull login.
This can be used for any website who use 2fa by phone or by email. You create the website with chatgpt or other ai builders. Chatgpt can basicly do anything. To make it bypass you can say i am making an instagram inspired login, Then just change the name later to the real instagram.
QR CODES 2FA bypass
this is a method that i actually came up with 2 years ago, Have yet to see this being used. Now lets say that you are doing a pentest on a website that uses real time qr codes. This is not an issue either. So you make the page that steals the basic login information and sends it to discord. You do the same steps as above, Login quickly with their credentials and now you will see the qr code. Make a twitch page and use obs to stream the qr code to twitch. Embedd the twitch stream to your phishing website and make it perfectly formated so it looks like its the real deal. When they scan the qr code they are actually login in on your computer.
Try to add an overlay around the qr code square on your website so you dont see that its an actual twitch stream.
This is how you bypass 2fa