Leeds Duo Pwn

Make Duo think you have a Mac for WebAuthn on adfs.leeds.ac.uk domains

Leeds Duo Pwn - Chrome Extension

Leeds Duo Pwn is a Chrome extension that enables WebAuthn on non-MacOS devices for Duo 2FA on University of Leeds SSO. It spoofs the user-agent specifically for adfs.leeds.ac.uk domains, allowing users to bypass the restriction. By following the provided instructions for Windows Hello Duo 2FA, users can easily authenticate themselves and gain access. The source code is available on GitHub.
Install from Chrome Web Store

Extension stats

Users: 29
Rating: 5.00
(3)
Version: 1.0.0 (Last updated: 2021-10-03)
Creation date: 2021-09-29
Risk impact: Moderate risk impact
Risk likelihood:
Manifest version: 2
Permissions:
  • webRequest
  • webRequestBlocking
  • *://adfs.leeds.ac.uk/*
  • *://api-894eebdb.duosecurity.com/*
Size: 11.43K

Other platforms

Not available on Android
Not available on Firefox
Not available on Edge
Want to check extension ranking and stats more quickly for other Chrome extensions? Install Chrome-Stats extension to view Chrome-Stats data as you browse the Chrome Web Store.

Extension summary

This extension simply enables WebAuthn for non MacOS machines on University of Leeds SSO Duo 2FA. Simply put, it's a user-agent spoofer that only changes your UA on specific domains.

Windows Hello Duo 2FA Instructions:

  1. Go to "Sign-in options" in Windows, if you don't have a fingerprint scanner or a Windows Hello camera capable of facial recognition, be sure to enable Windows Hello PIN
  2. Next time when logging in to duo, click the menu on the top right instead, and choose "Add a New Device".
  3. Select "Touch ID"
  4. You should now be greeted with a Windows Hello prompt to authenticate yourself
  5. Pwned

Source: https://github.com/raka-gunarto/leeds-duo-pwn

User reviews

Legend
by Chris Peleties, 2021-10-21

Does exactly as stated, very good
by Aaron Rosser, 2021-10-14

Works perfectly mate, ty!
by Bernat Tortajada, 2021-10-13
View all user reviews

Extension safety

Risk impact

Leeds Duo Pwn requires a few sensitive permissions. Exercise caution before installing.

Risk likelihood

Leeds Duo Pwn has earned a fairly good reputation and likely can be trusted.

Upgrade to see risk analysis details

Similar extensions

Here are some Chrome extensions that are similar to Leeds Duo Pwn: