🍪 Cookie-free way to bypass device verification

How to Bypass Device Verification for Email & Login Forms? — no cookies required!

Device verification hacks for email and login forms

5 min readDec 25, 2023

Follow XIT on medium & UglyCompany on Telegram for more..

Greetings, World! Welcome to XIT. Recently, my handset was :( lost, so I decided to gather the IP address logs, login timestamps, geographic information, account activity, login history, and session data by accessing my email account. I attempted to log in from my desktop, but due to trust issues, the system prompted me to verify my phone number. Wait, what? The SIM card was still in the lost handset. Since I was unwilling to obtain a new SIM card for the same number, I employed some clever maneuvers to access my email account. In this blog, I’ll delve into the details and provide additional insights on bypassing device verification for emails and other login forms. Let’s get started.

ahh! it sucks..

You might have noticed that login forms often prompt us to mark the device as trusted. Once marked, the system saves various details such as the device fingerprint, IP address, browser and version, operating system and version, location data (if enabled), device model, and the time and date of device trust establishment. However, in most cases, we can bypass this requirement by entering the same information details directly into the browser.

Understanding the Concept

Start the process by clearing cookies associated with the specific page you’re attempting to bypass.

Following this, carefully inspect the login page by right-clicking.

Once inspected, proceed by clicking on the settings icon located at the top of the page.

Next, navigate to ‘Devices’ settings.

Select the option to add a custom device.

Configure this device with identical specifications to the one currently logged into the email account. Include details such as Device Name, Width, Height, Device Pixel Ratio, User Agent String, Device Touch Capability, User Agent (Sec-CH-UA) Brand & Significant Version, Full Version List (Sec-CH-UA-Full-Version-List) Brand & Significant Version, Full Browser Version (Sec-CH-UA-Full-Browser-Version), Platform & Platform Version, Architecture, and Device Model. Save the configured settings.

EXAMPLE (My Configuration)

Device Name: “iPhone 13 Pro Max Custom”
Width: 1284 pixels / 400
Height: 2778 pixels / 800
Device Pixel Ratio: 3.0
User Agent String: Mozilla/5.0 (iPhone; CPU iPhone OS 15_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.0 Mobile/15E148 Safari/604.1
Device Touch Capability: Mobile — true
User Agent (Sec-CH-UA) Brand & Significant Version: “Apple”;v=”15.0", “Not A;Brand”;v=”99"
Full Version List (Sec-CH-UA-Full-Version-List) Brand & Significant Version: “Apple”;v=”", “Not A;Brand”;v=”"
Full Browser Version (Sec-CH-UA-Full-Browser-Version): Safari/15.0
Platform & Platform Version: iOS 15.0
Architecture: arm64
Device Model: iPhone14,2

Proceed to choose the newly configured device from the Dimensions menu. Afterward, clear the cookies once again and attempt to log in using the modified device settings.

For more success, consider the use of a proxy from the same datacenter as the target IP where the email is currently logged in. This can surely improve the likelihood of successful bypass.

Additionally, if the above measures do not provide the desired outcome, explore the option of using custom ‘Locations’ settings. To do this, go to location settings and add a custom location.

Enter details such as a custom location name, Latitude, Longitude, Timezone ID, and Locale, ensuring they align with the geographical data of the target device where the email is logged.

EXAMPLE (My Configuration)

Custom Location Name: “New York City Office”
Latitude: 40.7128
Longitude: -74.0060
Timezone ID: America/New_York
Locale: en_US

Finally, clear the cookies once more and attempt to log in again, incorporating the newly added custom location settings. This comprehensive approach provides you with multiple strategies to overcome login restrictions on various sites.

Tada! I was able successfully bypassed the login restrictions using the configured device and custom location settings as outlined. Credits: ‘🧠’

If you learnt anything from this blog, we’d appreciate your engagement — give it a clap and consider sharing to help spread the knowledge. Also Follow XIT on medium & UglyCompany on Telegram. Your support means a lot to us!

A supporter is worth a thousand followers. 😊




SHHH! The voice of none is stronger than the voice of one.