Skip to content

A demonstration lab showing the risks and exploitation techniques for hardcoded encryption keys in client-side JavaScript. This educational repository provides a hands-on approach to understanding how exposed keys can be used to intercept, decrypt, and manipulate encrypted web communications, including bypassing security controls like OTP.

Notifications You must be signed in to change notification settings

rushikeshhh-patil/OTP-Bypass

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Hardcoded Key Exploitation Lab

Overview

This repository contains a lab setup designed to demonstrate the security risks associated with hardcoded encryption keys in client-side JavaScript. The lab illustrates how attackers can decrypt and potentially modify encrypted data transmitted between the client and the server. This project is intended for educational purposes to highlight the importance of secure cryptographic practices.

Objective

The main objective of this lab is to demonstrate the process of exploiting hardcoded encryption keys found within client-side code. This includes intercepting encrypted data, decrypting it using the exposed key, modifying the data, re-encrypting it, and finally sending it back to the server.

Lab Setup

The lab consists of a simple web application that utilizes CryptoJS for AES encryption and decryption. The encryption key is intentionally hardcoded in the JavaScript file to simulate the vulnerability.

Prerequisites

  • Node.js
  • Any modern web browser

Installation

  1. Clone the repository
git clone https://github.com/rushikeshhh-patil/OTP-Bypass.git
  1. Navigate to the project directory
cd OTP-Bypass
  1. Install dependencies
npm install express body-parser crypto-js
  1. Start the server
npm start or npm server.js
  1. Visit
http://localhost:3000

For additional simulation scenarios and in-depth discussions on similar vulnerabilities and their mitigation, please refer to the comprehensive resources available at BreachForce Blog.

About

A demonstration lab showing the risks and exploitation techniques for hardcoded encryption keys in client-side JavaScript. This educational repository provides a hands-on approach to understanding how exposed keys can be used to intercept, decrypt, and manipulate encrypted web communications, including bypassing security controls like OTP.

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published