Merlin
Leeds Duo Pwn

Leeds Duo Pwn

Make Duo think you have a Mac for WebAuthn on adfs.leeds.ac.uk domains

Leeds Duo Pwn
What is Leeds Duo Pwn?
Leeds Duo Pwn is a Chrome extension that enables WebAuthn on non-MacOS devices for Duo 2FA on University of Leeds SSO. It spoofs the user-agent specifically for adfs.leeds.ac.uk domains, allowing users to bypass the restriction. By following the provided instructions for Windows Hello Duo 2FA, users can easily authenticate themselves and gain access. The source code is available on GitHub.
Download
Merlin
Stats
Users: 44 ▲ 5
Rating: 5.00 (3)
Version: 1.0.0 (Last updated: 2021-10-03)
Creation date: 2021-09-29
Risk impact: Moderate risk impact
Risk likelihood: Low risk likelihood
Manifest version: 2
Permissions:
  • webRequest
  • webRequestBlocking
  • *://adfs.leeds.ac.uk/*
  • *://api-894eebdb.duosecurity.com/*
Size: 11.43K
Stats date:

Chrome-Stats Rank

# 81026 ▲ 2614
Other rankings
#31139 in Workflow & Planning ▲ 323

Other platforms

Not available on Firefox
Not available on Edge
Want to check extension ranking and stats more quickly for other Chrome extensions? Install Chrome-Stats extension to view Chrome-Stats data as you browse the Chrome Web Store.
Chrome-Stats extension
Merlin
Summary
Analyze keywords

This extension simply enables WebAuthn for non MacOS machines on University of Leeds SSO Duo 2FA. Simply put, it's a user-agent spoofer that only changes your UA on specific domains.

Windows Hello Duo 2FA Instructions:

  1. Go to "Sign-in options" in Windows, if you don't have a fingerprint scanner or a Windows Hello camera capable of facial recognition, be sure to enable Windows Hello PIN
  2. Next time when logging in to duo, click the menu on the top right instead, and choose "Add a New Device".
  3. Select "Touch ID"
  4. You should now be greeted with a Windows Hello prompt to authenticate yourself
  5. Pwned

Source: https://github.com/raka-gunarto/leeds-duo-pwn

User reviews
Legend
by Chris Peleties Chris Peleties, 2021-10-21
Does exactly as stated, very good
by Aaron Rosser Aaron Rosser, 2021-10-14
Works perfectly mate, ty!
by Bernat Tortajada Bernat Tortajada, 2021-10-13
View all user reviews
Safety
Risk impact

Leeds Duo Pwn may not be safe to use and it requires some risky permissions. Exercise caution when installing this extension. Review carefully before installing.

Risk likelihood

Leeds Duo Pwn has earned a fairly good reputation and likely can be trusted.

Upgrade to see risk analysis details
Similar extensions

Here are some Chrome extensions that are similar to Leeds Duo Pwn:

OpenLM Browser Agent
OpenLM Browser Agent
OpenLM
N/A
53
openSUSE User Agent
openSUSE User Agent
Unknown
5.00
362
Rotation UserAgent
Rotation UserAgent
developer.waieight.
N/A
223
User Agent Parser
User Agent Parser
https://gokatz.me
1.00
84
cyberTWEAK
cyberTWEAK
thirstylions
4.00
21
nani Unblocker
nani Unblocker
nani.ninja
N/A
40
ChromeEX
ChromeEX
https://powerz.top
N/A
21
User-Agent Converter
User-Agent Converter
https://www.downloadhub.cloud
N/A
420
Agent Switcher for WIT
Agent Switcher for WIT
steph.ruppel
N/A
54
User Agent Spoof
User Agent Spoof
Unknown
N/A
279
Cydog Toolkit
Cydog Toolkit
mdbench
N/A
9
IE8 User-Agent
IE8 User-Agent
Nikolai Kim
5.00
2,000+