Identify and exploit MFA bypass patterns
hunt-mfa-bypassskillsetup L3★1,791
elementalsouls/Claude-BugHunter ↗What it does
Identify 7 distinct MFA/2FA bypass patterns including rate limits and race conditions
Best for
Hunting account takeover chains where MFA enforcement is incomplete or bypassable.
Inputs
- · Target auth endpoint
- · Session cookie
- · OTP or backup code
Outputs
- · Bypass confirmation
- · Attack payload
Requires
- · ffuf
- · Burp
- · curl
Preconditions
- · Valid session obtained
- · MFA endpoint identified
Failure modes
- · Rate limit evasion tool blocked
- · OTP already invalidated
Trust signals
- · 7 distinct patterns documented
- · Payload examples with TOCTOU race