2FA simple bypass

This lab is pretty straight forward. We have our login and the victim's login credentials. Once we login to our account we are prompted for the verification code, which can be accessed in our email page.

Once we enter the verification code, we navigate to "My account" and save the url of the page.

The next step is to login to carlos account, and get to the page where we are prompted for the verification code (which we don't have access to). Here, we insert the url we saved before, but change the id to "carlos".

This will redirect us to carlo's "My account" page.