Run any Skill in Manus with one click

$pwd:

mitm-find-otp

Name: Mitm Find Otp
Author: instavm

// Find OTP implementation vulnerabilities. Use when user asks about OTP security, verification bypass, SMS security, or two-factor authentication issues.

Run Skill in Manus

$ git log --oneline --stat

stars:53

forks:10

updated:March 23, 2026 at 05:24

SKILL.md

readonly

name	mitm-find-otp
description	Find OTP implementation vulnerabilities. Use when user asks about OTP security, verification bypass, SMS security, or two-factor authentication issues.

Find OTP Vulnerabilities

Analyze the mitmproxy dump (log.txt) for OTP issues for: $ARGUMENTS

Requires: log.txt in the current directory. If it's missing, capture traffic first:
mitmdump --set flow_detail=3 2>&1 | tee log.txt

Vulnerability Types

1. OTP in Response

OTP returned in API response body
OTP in page source/JavaScript
OTP in error messages
Should only be sent via SMS/email, never in API response

2. No Rate Limiting

Unlimited OTP generation requests
Unlimited verification attempts
Can brute force 4-6 digit OTP

3. OTP Bypass

Response manipulation bypasses OTP
Changing verified: false to verified: true
Empty OTP accepted
Old OTP still valid

4. Predictable OTP

Sequential OTPs
Timestamp-based OTPs
Same OTP for multiple requests

5. OTP Leakage

OTP in URL parameters (logged)
OTP visible in function names in source
OTP sent in GET request

Testing Approach

# Check for OTP in response
curl -X POST "https://target.com/api/send-otp" \
  -d "phone=1234567890" | grep -i otp

# Test rate limiting
for i in {1..20}; do
  curl -X POST "https://target.com/api/verify-otp" \
    -d "phone=1234567890&otp=$i"
done

# Test with empty/invalid OTP
curl -X POST "https://target.com/api/verify-otp" \
  -d "phone=1234567890&otp="

Output Format

For each finding:

Endpoint: OTP send/verify URL
Issue: Type of vulnerability
Evidence: What was observed
Exploit: Steps to reproduce
Impact: Account takeover risk
Fix: Server-side validation, rate limiting

related-skills.json

same repository

mitm-find-auth.md

from "instavm/security-skills"

Find authentication and session vulnerabilities. Use when user asks about auth bypass, session issues, login security, or token problems.

2026-03-2353

mitm-find-bizlogic.md

from "instavm/security-skills"

Find Business Logic vulnerabilities in captured traffic. Use when user asks about payment bypass, race conditions, workflow abuse, or application logic flaws.

2026-03-2353

mitm-find-callback.md

from "instavm/security-skills"

Find payment callback and webhook vulnerabilities. Use when user asks about payment security, callback tampering, hash validation, or transaction manipulation.

2026-03-2353

mitm-find-checksum.md

from "instavm/security-skills"

Find checksum and signature vulnerabilities. Use when user asks about hash validation, signature bypass, checksum manipulation, or cryptographic weaknesses.

2026-03-2353

mitm-find-enumerable.md

from "instavm/security-skills"

Find enumerable endpoints that leak data through iteration. Use when user asks about data scraping, bulk data access, or iterating through records.

2026-03-2353

mitm-find-idor.md

from "instavm/security-skills"

Find IDOR (Insecure Direct Object Reference) vulnerabilities in captured traffic. Use when user asks about authorization issues, sequential IDs, or accessing other users' data.

2026-03-2353

package.json

"author": "instavm"

"repository": "instavm/security-skills"

View GitHub Repository View Creator Repositories

$ install --global

$ download --local

Run Skill in Manus

$ useful --forSOC

Information Security AnalystsComputer and Mathematical Occupations15-1212L4

name	mitm-find-otp
description	Find OTP implementation vulnerabilities. Use when user asks about OTP security, verification bypass, SMS security, or two-factor authentication issues.

Find OTP Vulnerabilities

Analyze the mitmproxy dump (log.txt) for OTP issues for: $ARGUMENTS

Requires: log.txt in the current directory. If it's missing, capture traffic first:
mitmdump --set flow_detail=3 2>&1 | tee log.txt

Vulnerability Types

1. OTP in Response

OTP returned in API response body
OTP in page source/JavaScript
OTP in error messages
Should only be sent via SMS/email, never in API response

2. No Rate Limiting

Unlimited OTP generation requests
Unlimited verification attempts
Can brute force 4-6 digit OTP

3. OTP Bypass

Response manipulation bypasses OTP
Changing verified: false to verified: true
Empty OTP accepted
Old OTP still valid

4. Predictable OTP

Sequential OTPs
Timestamp-based OTPs
Same OTP for multiple requests

5. OTP Leakage

OTP in URL parameters (logged)
OTP visible in function names in source
OTP sent in GET request

Testing Approach

# Check for OTP in response
curl -X POST "https://target.com/api/send-otp" \
  -d "phone=1234567890" | grep -i otp

# Test rate limiting
for i in {1..20}; do
  curl -X POST "https://target.com/api/verify-otp" \
    -d "phone=1234567890&otp=$i"
done

# Test with empty/invalid OTP
curl -X POST "https://target.com/api/verify-otp" \
  -d "phone=1234567890&otp="

Output Format

For each finding:

Endpoint: OTP send/verify URL
Issue: Type of vulnerability
Evidence: What was observed
Exploit: Steps to reproduce
Impact: Account takeover risk
Fix: Server-side validation, rate limiting

mitm-find-otp

Find OTP Vulnerabilities

Vulnerability Types

1. OTP in Response

2. No Rate Limiting

3. OTP Bypass

4. Predictable OTP

5. OTP Leakage

Testing Approach

Output Format

More from this repository

More from this repository

Find OTP Vulnerabilities

Vulnerability Types

1. OTP in Response

2. No Rate Limiting

3. OTP Bypass

4. Predictable OTP

5. OTP Leakage

Testing Approach

Output Format