Leeds Duo Pwn

Make Duo think you have a Mac for WebAuthn on adfs.leeds.ac.uk domains

What is Leeds Duo Pwn?

Leeds Duo Pwn is a Chrome extension that enables WebAuthn on non-MacOS devices for Duo 2FA on University of Leeds SSO. It spoofs the user-agent specifically for adfs.leeds.ac.uk domains, allowing users to bypass the restriction. By following the provided instructions for Windows Hello Duo 2FA, users can easily authenticate themselves and gain access. The source code is available on GitHub.

Download

Extension stats

By: rakagunarto

View on Chrome Web Store

Users: 36 ▲ 2

Rating: 5.00 (3)

Version: 1.0.0 (Last updated: 2021-10-03)

Creation date: 2021-09-29

Risk impact: Moderate risk impact

Risk likelihood: Low risk likelihood

Manifest version: 2

Permissions:

webRequest
webRequestBlocking
*://adfs.leeds.ac.uk/*
*://api-894eebdb.duosecurity.com/*

Size: 11.43K

Email: ra*****@gmail.com

Ranking

# 94301 ▲ 861

Other rankings

#33160 in Workflow & Planning ▲ 145

Other platforms

Not available on Firefox

Not available on Edge

Want to check extension ranking and stats more quickly for other Chrome extensions? Install Chrome-Stats extension to view Chrome-Stats data as you browse the Chrome Web Store.

Extension summary

Analyze keywords

This extension simply enables WebAuthn for non MacOS machines on University of Leeds SSO Duo 2FA. Simply put, it's a user-agent spoofer that only changes your UA on specific domains.

Windows Hello Duo 2FA Instructions:

Go to "Sign-in options" in Windows, if you don't have a fingerprint scanner or a Windows Hello camera capable of facial recognition, be sure to enable Windows Hello PIN
Next time when logging in to duo, click the menu on the top right instead, and choose "Add a New Device".
Select "Touch ID"
You should now be greeted with a Windows Hello prompt to authenticate yourself
Pwned

Source: https://github.com/raka-gunarto/leeds-duo-pwn