Twitter 2FA bypass

Type64

I am getting a lot of custom Twitter hits having 2 Factor Authentication. Any way I can get the account owner's Twitter username and access the account?
 
First of all make sure those hits are "real" 2fa secured hits - depending on the method and its configuration with which you check the accounts, there is a higher or lower chance those hits are false positives or the status response is interpreted wrong. Then take the correctly identified hits and check them again and find out which specific 2fa method is used for a certain account. For some of those accs you may want to try "evilginx" and such tools to bypass the auth though. Nevertheless, in most cases that's a waste of time - bypassing 2fa needs some experience and you may have to invest a lot of work and/or time ...

... I'd prefer to check "real" or "confirmed" 2fa-hits for mail access following some scraping through the inboxes ... this way you might find other interesting services where the login credentials work.
 
Thread Starter
Thanks for the detailed and informative reply.