Burp Repeater on OTP
Application Type
Traditional Web


I'm encountering an issue about Generating OTP. Our pen testers use BURP. They were able to send multiple OTPs before the OTP time limit (300secs) is finished.

I put validation in the action but it didn't work when I tested it with Burp, because Burp just repeats the action made the in the first run.

What can I do to limit the generating of OTP and how should I put my validation?



Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.