GitHunt
HA

hack-with-ethics/csrf_google

(csrf) google just got a idea to bypass or manipulate the 2fa in gmail service but was successfull in bypassing the device name in gmail 2fa

bypasscross-site-request-forgerycsrfcsrf-attacksgoogle-buggoogle-csrfrequest-forgery

csrf_google

Hello Hackers ... and Programmers

Vulnerable csrf.. In Google Login[2 Factor Auth]

which allows modify the device Name !
That the attacker can mount a url that gets hacked or redirect to Malware Site

And The Location Info May also be changed !!

Check Out The ScreenShots..!! and try Exploiting Step By Step !
step 1: open Burp Suite

step 2 :Configure proxy Setup manually or automatically

step 3:
under proxy settings > Try Find and Replace

Screenshot_2024-01-09_09_24_20

step 4:
replace the device you need !! or Url U need !!

Screenshot_2024-01-09_09_24_46

step5:
Login !

Screenshot_2024-01-09_09_25_38

Sample of The proc

Screenshot_2024-01-09_09_25_57

sample2

Screenshot_2024-01-09_09_48_51

Final Out:

WhatsApp Image 2024-01-09 at 21 52 32_c803b57f

Contributors

HA
Created January 9, 2024
Updated March 12, 2026
hack-with-ethics/csrf_google | GitHunt