This repository contains a lab setup designed to demonstrate the security risks associated with hardcoded encryption keys in client-side JavaScript. The lab illustrates how attackers can decrypt and potentially modify encrypted data transmitted between the client and the server. This project is intended for educational purposes to highlight the importance of secure cryptographic practices.
The main objective of this lab is to demonstrate the process of exploiting hardcoded encryption keys found within client-side code. This includes intercepting encrypted data, decrypting it using the exposed key, modifying the data, re-encrypting it, and finally sending it back to the server.
The lab consists of a simple web application that utilizes CryptoJS for AES encryption and decryption. The encryption key is intentionally hardcoded in the JavaScript file to simulate the vulnerability.
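One defensive check for the weakness this lab simulates, as an added example that is not part of the repository: a small static scan that flags CryptoJS AES calls whose key argument is a string literal or a variable bound to one. `SAMPLE_SOURCE`, `splitArgs` and `findHardcodedKeys` are names assumed for the example, and the scanned snippet is constructed rather than taken from the lab.

```javascript
// Added example. SAMPLE_SOURCE is constructed for illustration, not the lab's code.
const SAMPLE_SOURCE = `
const SECRET_KEY = "constructed-demo-key";
function send(otp) {
  const body = CryptoJS.AES.encrypt(JSON.stringify({ otp }), SECRET_KEY).toString();
  return fetch("/verify", { method: "POST", body });
}
function read(resp, sessionKey) {
  return CryptoJS.AES.decrypt(resp, sessionKey).toString(CryptoJS.enc.Utf8);
}
const legacy = CryptoJS.AES.decrypt(blob, 'inline-demo-key');
`;

// Split a call's arguments at top-level commas, starting just after "(".
function splitArgs(src, start) {
  const args = [];
  let cur = "", depth = 0, quote = null;
  for (let i = start; i < src.length; i++) {
    const c = src[i];
    if (quote) {
      cur += c;
      if (c === "\\") cur += src[++i] ?? "";
      else if (c === quote) quote = null;
    } else if (c === '"' || c === "'" || c === "`") { quote = c; cur += c; }
    else if ("([{".includes(c)) { depth++; cur += c; }
    else if (")]}".includes(c)) {
      if (depth === 0) { args.push(cur.trim()); return args; }
      depth--; cur += c;
    } else if (c === "," && depth === 0) { args.push(cur.trim()); cur = ""; }
    else cur += c;
  }
  return args; // unterminated call: return what was parsed
}

function findHardcodedKeys(src) {
  // Identifiers bound directly to a string literal (const/let/var NAME = "...").
  const decl = /\b(?:const|let|var)\s+([A-Za-z_$][\w$]*)\s*=\s*(["'`])(?:\\.|(?!\2).)*\2/g;
  const literalVars = new Set([...src.matchAll(decl)].map((m) => m[1]));
  const findings = [];
  for (const m of src.matchAll(/CryptoJS\.AES\.(encrypt|decrypt)\s*\(/g)) {
    const key = splitArgs(src, m.index + m[0].length)[1] ?? "";
    const inline = /^(["'`])[\s\S]*\1$/.test(key);
    if (!inline && !literalVars.has(key)) continue;
    const line = src.slice(0, m.index).split("\n").length;
    // Report where the key comes from, never the secret value itself.
    findings.push({ line, call: m[1], key: inline ? "<string literal>" : key });
  }
  return findings;
}
console.log(findHardcodedKeys(SAMPLE_SOURCE));
```

The scan only resolves variables declared with a literal in the same file; keys assembled at runtime or imported from another module need a real parser or data-flow analysis.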
- Node.js
- Any modern web browser
- Clone the repository
  ```bash
  git clone https://github.com/rushikeshhh-patil/OTP-Bypass.git
  ```
- Navigate to the project directory
  ```bash
  cd OTP-Bypass
  ```
- Install dependencies
  ```bash
  npm install express body-parser crypto-js
  ```
- Start the server
  ```bash
  npm start
  # or: node server.js
  ```
- Visit http://localhost:3000
For additional simulation scenarios and in-depth discussions on similar vulnerabilities and their mitigation, please refer to the comprehensive resources available at BreachForce Blog.