In this challenge, I used BurpSuite to intercept and modify HTTP requests

I deleted the line that mentioned “otp” which bypasses MFA and got me the flag on the next page