Twilio OTP Authenticator

This extension integrates with session handling rules to automatically insert a one-time password (OTP) generated via Twilio into outgoing HTTP requests. It is designed for workflows that require OTP verification, such as multi-factor authentication during automated security testing.

Features

• Generates Twilio-based OTPs dynamically
• Injects OTPs into requests using session handling rules
• Supports configurable parameter names and rule types
• Customizable Twilio credentials and phone numbers

Usage

1. Open the "Twilio OTP Authenticate" tab.
2. In the "Twilio Settings" tab, enter your Account SID, Auth Token, From Number, and To Number.
3. Switch to the "Configure" tab, select the desired rule type, set the OTP parameter name, and click Generate Config.
4. Go to "Settings -> Sessions -> Session Handling Rules" and add a new rule.
5. Under "Rule Actions", select "Invoke a Burp Extension" and choose "Twilio OTP Authenticator" from the dropdown.
6. Adjust the rule scope by checking the applicable tools (e.g., Scanner, Repeater) and configuring the target URL scope.
7. Reload the extension from the "Extensions" tab if necessary.
8. Proceed with testing; the extension will automatically inject valid OTPs into relevant requests.