Lab link.
On the 2FA login pages, we send the MFA code, which is our last request. We leave only the verify component in the cookie value and make it carlos instead of wiener. When we send the request, we get the information that the MFA code is incorrect, which indicates that the system is vulnerable.
We can access the MFA code by brute-force attack.
Necessary cookie arrangements are made in the browser.