Authentication Flaws: Multi Level Login 2

A multi-level (multi-factor) login should provide strong authentication. Note that a TAN is a Transaction Authentication Number: a one-time-use code, mostly used by banks.


Break into the account of another user, Jane. You know only Jane's username, and you have your own login (Joe/banana) to the site.


Use Burp Suite to intercept and modify the request and gain access.

Step-by-step guide

1. Log in with user/password Joe/banana. Once you are asked for the TAN code, start Burp Suite.

2. Forward the web request until you see:


3. Now modify the request and replace Joe with Jane.

4. Stop intercepting. You now have access to Jane's account, because the server accepted the username supplied in the request.
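
The flaw behind these steps and its fix, as an added example that is not part of the original walkthrough and is not WebGoat's code. It assumes a simplified model in which the TAN step receives a `user` form field; the handler names, field name, Jane's password and all TAN values are constructed for illustration.

```python
import hmac

# Constructed sample data (hypothetical password for Jane, hypothetical TANs).
PASSWORDS = {"Joe": "banana", "Jane": "example-pw"}
TANS = {"Joe": "15648", "Jane": "40534"}
SESSIONS = {}  # session id -> user who passed the password step

def password_step(sid, user, password):
    """Step 1: remember server-side who passed the password check."""
    ok = hmac.compare_digest(PASSWORDS.get(user, ""), password)
    if ok:
        SESSIONS[sid] = user
    return ok

def tan_step_vulnerable(sid, form):
    """Flawed step 2: the TAN is checked for the session user, but the
    account that gets opened is read from the client-supplied field."""
    session_user = SESSIONS.get(sid)
    if session_user is None or form["tan"] != TANS.get(session_user):
        return None
    return form["user"]  # client-controlled value decides the identity

def tan_step_hardened(sid, form):
    """Fixed step 2: identity comes only from the session. A mismatching
    client-supplied user is rejected and the TAN is consumed on success."""
    session_user = SESSIONS.get(sid)
    if session_user is None:
        return None
    if form.get("user", session_user) != session_user:
        SESSIONS.pop(sid, None)  # tampering: drop the half-finished login
        return None
    expected = TANS.get(session_user)
    if expected is None or not hmac.compare_digest(expected, form["tan"]):
        return None
    del TANS[session_user]  # one-time use
    return session_user

def demo():
    password_step("s1", "Joe", "banana")
    tampered = {"user": "Jane", "tan": TANS["Joe"]}
    honest = {"user": "Joe", "tan": TANS["Joe"]}
    results = [tan_step_vulnerable("s1", tampered),
               tan_step_hardened("s1", tampered)]
    password_step("s2", "Joe", "banana")
    results.append(tan_step_hardened("s2", honest))  # legitimate login
    results.append(tan_step_hardened("s2", honest))  # replayed TAN
    return tuple(results)

if __name__ == "__main__":
    print(demo())
```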

