How I sent multiple payment requests on PhonePe, Paytm, and Google Pay
Good day, people! This is Anudeep Vysyaraju, with a new write-up on how I sent multiple payment requests to users on PhonePe, Paytm, and Google Pay.
More interesting write-ups are on the way, so let's hack together!
Let's get started...

A few lines about Razorpay!!
Razorpay helps you accept online payments from customers across desktop, mobile web, Android and iOS. Additionally, with Razorpay Payment Links you can collect payments over channels such as SMS, email, WhatsApp, chatbots and Messenger.
Let's re-create the scenario!!
I just wanted to prank my friends in a new way, so I was thinking about and searching for alternative ways to do it, and I got the idea of using a rate-limiting vulnerability. Using the routine things such as OTPs would not be very interesting, and they would just ignore those messages.
So I looked for an alternative use of missing rate limiting, just to prank my friends.
This is how my hunt for vulnerabilities on this website started.
Let's move into the hack!!!!
I started searching for a website with a rate-limiting vulnerability and found nothing. After some time I got an idea and just wanted to check whether it was possible on one particular website, so I quickly fired up Burp and started intercepting requests on a shopping site, but found nothing. Then I noticed that the website uses the Razorpay gateway, and sent some of the requests that looked special to me to Repeater.
After going through all the requests, I saw one request that caught my eye...

In this request, we can observe parameters such as the UPI ID (VPA), a description, the amount, etc.
After seeing the request, I realised this is the request that triggers the payment (collect) request the user receives in their UPI application.
Now I was thinking about how to use this request and what to do with it. I tried multiple things on it, but with no result.
Nearly 15 minutes in, by mistake I sent this request again from Repeater in Burp Suite, and I saw the payment request appear on my phone! This means the server accepts the same request again, so the payment link or request is still active and nothing stops it from being replayed.
I literally thought this was my only hope of getting something.
Now I immediately sent the same request to Intruder in Burp Suite to check. After sending the request to Intruder it looks like this...
Also clear or remove all payload position markers so the request is sent exactly as captured.

Now select the attack type "Sniper" and go to the Payloads tab. Here, select the payload type "Null payloads".
For Null payloads, Intruder asks how many payloads to generate; give your desired value. I gave "100" for testing purposes; you can give as many as you like to tease your friends.

Now click the "Start Attack" button. >>>>>>>

Boom! Now you can see that 100 payment requests have been sent to the given UPI ID, one per replayed request.
Similarly, you can give a Paytm, Google Pay or any other UPI ID in the request to the Razorpay payment gateway to flood that application with collect requests, because the endpoint neither rate-limits nor deduplicates repeated requests for the same recipient.
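To make the missing control concrete, here is an added example (not code from the write-up, and not Razorpay's own implementation) that models a "send UPI collect request" endpoint and replays one captured request 100 times, exactly as the Intruder Sniper attack with 100 null payloads does above. The first handler accepts every replay, as the endpoint in the write-up did; the second applies a hypothetical sliding-window limit per (caller, recipient VPA) and returns HTTP 429 once the limit is hit. The endpoint, parameter names, limits and the captured request are all assumptions made for the example.

```python
"""Added example (not from the write-up or Razorpay): a Burp Intruder
null-payload flood against a collect-request endpoint, with and without
per-recipient rate limiting. Endpoint, parameters and limits are hypothetical."""
import time
from collections import defaultdict, deque


class CollectRequestHandler:
    """Hypothetical 'send UPI collect request' endpoint.

    max_per_window / window_seconds: at most max_per_window requests may be
    sent to the same recipient VPA by the same caller inside the window.
    max_per_window=None reproduces the unthrottled behaviour from the write-up.
    """

    def __init__(self, max_per_window=None, window_seconds=60.0, clock=time.monotonic):
        self.max_per_window = max_per_window
        self.window_seconds = window_seconds
        self.clock = clock  # injectable so the window expiry can be tested
        # sliding window of send timestamps keyed by (caller, recipient VPA)
        self._sent = defaultdict(deque)
        self.delivered = []  # what would actually reach the recipient's UPI app

    def send(self, caller_id, vpa, amount, description):
        key = (caller_id, vpa)
        now = self.clock()
        window = self._sent[key]
        # forget timestamps that have fallen out of the window
        while window and now - window[0] >= self.window_seconds:
            window.popleft()
        if self.max_per_window is not None and len(window) >= self.max_per_window:
            return {"status": 429, "error": "too many collect requests to this VPA"}
        window.append(now)
        self.delivered.append({"vpa": vpa, "amount": amount, "description": description})
        return {"status": 200, "id": "collect_%d" % len(self.delivered)}


# Constructed stand-in for the request captured in Burp (values are made up).
CAPTURED_REQUEST = {
    "caller_id": "merchant_1",
    "vpa": "friend@upi",
    "amount": 100,
    "description": "test",
}


def replay_flood(handler, count=100):
    """Replay the captured request `count` times, like Intruder's Sniper
    attack with `count` null payloads. Returns (accepted, rejected)."""
    accepted = rejected = 0
    for _ in range(count):
        resp = handler.send(**CAPTURED_REQUEST)
        if resp["status"] == 200:
            accepted += 1
        else:
            rejected += 1
    return accepted, rejected


def demo():
    """Unthrottled endpoint vs. one allowing 3 collect requests per VPA per minute."""
    unthrottled = CollectRequestHandler()
    throttled = CollectRequestHandler(max_per_window=3, window_seconds=60)
    return replay_flood(unthrottled), replay_flood(throttled)


if __name__ == "__main__":
    (ok_a, rej_a), (ok_b, rej_b) = demo()
    print("unthrottled: %d delivered, %d rejected" % (ok_a, rej_a))
    print("throttled:   %d delivered, %d rejected" % (ok_b, rej_b))
```

The limit is keyed on the recipient as well as the caller because that is the value the attack abuses: a per-API-key limit alone would still let a merchant integration flood one VPA up to its own quota, while a per-recipient cap bounds how many collect requests any single UPI ID can receive from one source in a window. A production fix would also want an idempotency key so an identical replay returns the already-created request instead of a new one.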
PS: This write-up is shared for knowledge purposes only, so please be careful if you try it. The bug has already been submitted to Razorpay via the HackerOne platform, and they marked it as Informational.
Special thanks to Mayur Parmar, Hemant Patidar, Tarun Tandon, and Pavan Kumar Chinta.
I hope you enjoyed this write-up and gained something from it. Visit my profile for doubts, and ping me on LinkedIn for guidance.
You can also follow me on Medium.
Thanks and bye... Happy hacking, and let's hack together!