quaid
duo-bypass
quaid | duo-bypass | |
---|---|---|
3 | 5 | |
8 | 91 | |
- | - | |
10.0 | 3.5 | |
about 1 year ago | about 1 month ago | |
JavaScript | Python | |
MIT License | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
quaid
-
Password protect a static HTML page
Similar here: https://github.com/sowbug/quaid
It works with a GPG-encrypted file. I figured that was safer than developing my own encryption format. As it is, any vulnerability in the decryption process is equivalent to a vulnerability in GPG.
- What happens to a smartphone when it gets stolen?
-
Avoiding bot detection: How to scrape the web without getting blocked?
This utility will help with that, assuming the services that use 2FA have a backup-code feature: https://github.com/sowbug/quaid
duo-bypass
-
Is there a way to do 2FA with an app other than Duo Mobile?
https://github.com/revalo/duo-bypass idk if this works lol. This should extract the Duo HOTP secret, which can then be imported into any other 2FA app. Do note that Duo Mobile's push 2FA will not work, you will only be able to use OTP's to authenticate.
-
Is there any way to get rid of this system? Had an assignment due and my phone was dead because I didn't bring a charger with me?
This is what I use: https://github.com/revalo/duo-bypass
-
How do I not use Duo 2fa
Duo uses HOTP. You can extract the secret: https://github.com/revalo/duo-bypass and the use something like Aegis which supports HOTP to generate the codes.
-
Gym Reservations Bot
Yeah probably not as helpful. Check this out tho https://github.com/revalo/duo-bypass
-
Avoiding bot detection: How to scrape the web without getting blocked?
There are myriad ways of extracting the TOTP seed from these apps... Or you just reverse engineer the setup/confirmation process and then you can generate/trigger your own tokens from your automation workflow.
2FA is a good security feature but it does not help against web scraping. Credential stuffing and other 3rd party attacks? Yes, it _can_ help. But it does not always help. There's a phishing group that has seemingly specialised on getting people to click the green confirm button in their Duo app... ¯\_(ツ)_/¯
Check https://github.com/revalo/duo-bypass for a python script that can be used to automate Duo tokens... Has some code from me. There are similar scripts for all the other well known OTP Apps...
What are some alternatives?
undetected-chromedriver - Custom Selenium Chromedriver | Zero-Config | Passes ALL bot mitigation systems (like Distil / Imperva/ Datadadome / CloudFlare IUAM)
browser-fingerprinting - Analysis of Bot Protection systems with available countermeasures 🚿. How to defeat anti-bot system 👻 and get around browser fingerprinting scripts 🕵️♂️ when scraping the web?
Aegis - A free, secure and open source app for Android to manage your 2-step verification tokens.
undetected-chromedrive
masto-thread-renderer - Render Mastodon thread as a web page
y-webrtc - WebRTC Connector for Yjs
Playwright - Playwright is a framework for Web Testing and Automation. It allows testing Chromium, Firefox and WebKit with a single API.
sasha.html - A pure HTML+CSS+JS local application made to encrypt "very important images" IFYKWIM ( ͡° ͜ʖ ͡°)