2017-05-15 12:54:22 +00:00
|
|
|
## Duo One Time Password Generator
|
|
|
|
|
2018-12-02 01:30:08 +00:00
|
|
|
This is a little script I put together after I reverse engineered the Duo 2FA
|
|
|
|
Mobile App and figured out how their auth flow works. This can be ported into
|
|
|
|
probably a useful desktop app or chrome extention and can probably be used to
|
|
|
|
write bots for MIT Services that require auth.
|
2017-05-15 12:54:22 +00:00
|
|
|
|
|
|
|
### Usage
|
|
|
|
|
|
|
|
Install stuff,
|
|
|
|
|
|
|
|
```
|
|
|
|
pip install -r requirements.txt
|
|
|
|
```
|
|
|
|
|
2018-12-02 01:30:08 +00:00
|
|
|
Just grab the QR Code URL and copy the string after value
|
|
|
|
|
|
|
|
https://api-XXX.duosecurity.com/frame/qr?value={VALUE}
|
2017-05-15 12:54:22 +00:00
|
|
|
|
|
|
|
```
|
2018-12-02 01:30:08 +00:00
|
|
|
./duo_activate.py {VALUE}
|
2017-05-15 12:54:22 +00:00
|
|
|
```
|
|
|
|
|
2018-12-02 01:30:08 +00:00
|
|
|
If everything worked you can then generate a code by running:
|
2017-05-15 12:54:22 +00:00
|
|
|
|
2018-12-02 01:30:08 +00:00
|
|
|
```
|
|
|
|
./duo_gen.py
|
|
|
|
```
|
2017-05-15 12:54:22 +00:00
|
|
|
|
2018-12-02 01:30:08 +00:00
|
|
|
Warning: These are HOTP tokens and generate codes increments a counter. If you
|
|
|
|
get too far out of sync with the server it will stop accepting your codes.
|
2017-05-15 12:54:22 +00:00
|
|
|
|