6 |
7 | Bye DUO is a browser extension that allows you to log in to NYU using just your browser.
8 |
9 | Built with a React frontend and a Python Flask backend!
10 |
11 | ### Credit
12 | Inspired by [https://github.com/revalo/duo-bypass](https://github.com/revalo/duo-bypass)
13 |
14 |
15 | ### Motivation
16 | - 🌎 International students without VPNs can't use the DUO Mobile app
17 | - ⌛️ Takes too long to get on a phone
18 |
19 | ### Development
20 | - frontend, go to frontend/
21 | - `./build.sh`
22 | - backend, go to backend/
23 | - `./run.sh`
24 |
25 | ### Help
26 | - Please contribute to this repo! 🙌
27 | - Give it a star ⭐️ at GitHub
28 | - Leave a review 👍 in the extension store
29 |
30 |
31 | ### Installation
32 |
33 | [](https://chrome.google.com/webstore/detail/bye-duo/mkkkcknaeigdadidmjibimgoablbamlc?hl=en&authuser=0)
34 |
35 |
36 | ### License
37 | MIT License
38 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2021 Bye DUO
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
--------------------------------------------------------------------------------
/frontend/package.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "frontend",
3 | "version": "0.1.0",
4 | "private": true,
5 | "dependencies": {
6 | "2fa-utils": "^1.1.5",
7 | "@ant-design/icons": "^4.5.0",
8 | "@craco/craco": "^6.1.1",
9 | "@testing-library/jest-dom": "^5.11.4",
10 | "@testing-library/react": "^11.1.0",
11 | "@testing-library/user-event": "^12.1.10",
12 | "antd": "^4.12.3",
13 | "axios": "^0.21.1",
14 | "craco-less": "^1.17.1",
15 | "eslint-config-react-app": "^6.0.0",
16 | "react": "^17.0.1",
17 | "react-copy-to-clipboard": "^5.0.3",
18 | "react-dom": "^17.0.1",
19 | "react-scripts": "4.0.2",
20 | "web-vitals": "^1.0.1"
21 | },
22 | "scripts": {
23 | "start": "craco start",
24 | "build": "craco build",
25 | "test": "craco test",
26 | "eject": "react-scripts eject"
27 | },
28 | "eslintConfig": {
29 | "extends": [
30 | "react-app",
31 | "react-app/jest"
32 | ]
33 | },
34 | "browserslist": {
35 | "production": [
36 | ">0.2%",
37 | "not dead",
38 | "not op_mini all"
39 | ],
40 | "development": [
41 | "last 1 chrome version",
42 | "last 1 firefox version",
43 | "last 1 safari version"
44 | ]
45 | }
46 | }
47 |
--------------------------------------------------------------------------------
/backend/server.py:
--------------------------------------------------------------------------------
1 | import os
2 | from flask import Flask, request
3 | from flask_cors import CORS
4 | import requests
5 | import json
6 |
7 |
8 | def response(app, res, status):
9 | return app.response_class(response=res, status=status,)
10 |
11 | # create and configure the app
12 | app = Flask(__name__, instance_relative_config=True)
13 | CORS(app)
14 | app.config.from_mapping(
15 | SECRET_KEY="dev", DATABASE=os.path.join(app.instance_path, "flaskr.sqlite"),
16 | )
17 |
18 | # ensure the instance folder exists
19 | try:
20 | os.makedirs(app.instance_path)
21 | except OSError:
22 | pass
23 |
24 | @app.route("/")
25 | def home():
26 | return 'heyhey'
27 |
28 | @app.route("/secret", methods=["POST"])
29 | def secret():
30 | user_url = request.form.get("secret", None)
31 | if not user_url:
32 | return response(app, {}, 400)
33 |
34 | user_url = user_url.lstrip("https://").split("/")
35 | domain = user_url[0][1:]
36 | key = user_url[-1]
37 | DUO = f"https://api{domain}/push/v2/activation/{key}?customer_protocol=1"
38 | try:
39 | secret = json.loads(requests.post(DUO).text)['response']['hotp_secret']
40 | status = 200
41 | except:
42 | secret = ""
43 | status = 400
44 |
45 | return response(app, secret, status)
46 |
47 |
48 | if __name__ == "__main__":
49 | app.run(host='0.0.0.0')
50 |
--------------------------------------------------------------------------------
/frontend/public/index.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
12 |
13 |
17 |
18 |
27 | Bye DUO
28 |
29 |
30 |
31 |
32 |
33 |
34 |
--------------------------------------------------------------------------------
/overview.txt:
--------------------------------------------------------------------------------
1 | Tired of having to wait for a notification every time you want to join a Zoom class? Frustrated because you can't log in to NYU when your phone’s out of battery? So are we. That’s why we made Bye DUO.
2 |
3 | With Bye DUO, you can log in to NYU using just your browser. Whenever you want to log in, Bye DUO will generate a six-digit passcode that you can quickly paste into the Multi-Factor Authentication. No need to wait for a notification on your phone!
4 |
5 | Bye DUO is easier and faster than Duo Mobile, without sacrificing any security.
6 |
7 | ----------------
8 |
9 | One-Time Setup:
10 | 1. Log in to NYU. At the Multi-Factor Authentication page, click "Add a new device" on the left side of the screen.
11 | 2. Select “Tablet,” and then select “iOS” on the next page.
12 | 3. Click “I have Duo Mobile installed,” then ”Email me an activation link instead.”
13 | 4. In your email, click on the activation link and paste the popup's URL (not the activation code) into Bye DUO's input bar. Click “Activate Bye DUO!”
14 |
15 | Voilà! Now you can generate passcodes whenever you need!
16 |
17 | ----------------
18 |
19 | Who are we? We’re just a group of NYU students who wanted to make Multi-Factor Authentication easier. We don’t make any money from this.
20 |
21 | Like you, we value privacy. Bye DUO does not collect any user data. We cannot and will not steal, sell, or use your personal information. All Bye DUO does is generate passcodes for you. You can always opt out of Bye DUO at any time.
22 |
23 | Like Bye DUO? Support us by leaving a rating and telling your friends!
24 |
25 | Questions? Feedback? Email us by clicking “Contact the developer” or DM us on Instagram!
26 |
27 | Programming: Yuchen Liu
28 | Product Management & UI/UX: Wesley Davies
29 |
--------------------------------------------------------------------------------
/frontend/src/logo.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/frontend/README.md:
--------------------------------------------------------------------------------
1 | # Getting Started with Create React App
2 |
3 | This project was bootstrapped with [Create React App](https://github.com/facebook/create-react-app).
4 |
5 | ## Available Scripts
6 |
7 | In the project directory, you can run:
8 |
9 | ### `yarn start`
10 |
11 | Runs the app in the development mode.\
12 | Open [http://localhost:3000](http://localhost:3000) to view it in the browser.
13 |
14 | The page will reload if you make edits.\
15 | You will also see any lint errors in the console.
16 |
17 | ### `yarn test`
18 |
19 | Launches the test runner in the interactive watch mode.\
20 | See the section about [running tests](https://facebook.github.io/create-react-app/docs/running-tests) for more information.
21 |
22 | ### `yarn build`
23 |
24 | Builds the app for production to the `build` folder.\
25 | It correctly bundles React in production mode and optimizes the build for the best performance.
26 |
27 | The build is minified and the filenames include the hashes.\
28 | Your app is ready to be deployed!
29 |
30 | See the section about [deployment](https://facebook.github.io/create-react-app/docs/deployment) for more information.
31 |
32 | ### `yarn eject`
33 |
34 | **Note: this is a one-way operation. Once you `eject`, you can’t go back!**
35 |
36 | If you aren’t satisfied with the build tool and configuration choices, you can `eject` at any time. This command will remove the single build dependency from your project.
37 |
38 | Instead, it will copy all the configuration files and the transitive dependencies (webpack, Babel, ESLint, etc) right into your project so you have full control over them. All of the commands except `eject` will still work, but they will point to the copied scripts so you can tweak them. At this point you’re on your own.
39 |
40 | You don’t have to ever use `eject`. The curated feature set is suitable for small and middle deployments, and you shouldn’t feel obligated to use this feature. However we understand that this tool wouldn’t be useful if you couldn’t customize it when you are ready for it.
41 |
42 | ## Learn More
43 |
44 | You can learn more in the [Create React App documentation](https://facebook.github.io/create-react-app/docs/getting-started).
45 |
46 | To learn React, check out the [React documentation](https://reactjs.org/).
47 |
48 | ### Code Splitting
49 |
50 | This section has moved here: [https://facebook.github.io/create-react-app/docs/code-splitting](https://facebook.github.io/create-react-app/docs/code-splitting)
51 |
52 | ### Analyzing the Bundle Size
53 |
54 | This section has moved here: [https://facebook.github.io/create-react-app/docs/analyzing-the-bundle-size](https://facebook.github.io/create-react-app/docs/analyzing-the-bundle-size)
55 |
56 | ### Making a Progressive Web App
57 |
58 | This section has moved here: [https://facebook.github.io/create-react-app/docs/making-a-progressive-web-app](https://facebook.github.io/create-react-app/docs/making-a-progressive-web-app)
59 |
60 | ### Advanced Configuration
61 |
62 | This section has moved here: [https://facebook.github.io/create-react-app/docs/advanced-configuration](https://facebook.github.io/create-react-app/docs/advanced-configuration)
63 |
64 | ### Deployment
65 |
66 | This section has moved here: [https://facebook.github.io/create-react-app/docs/deployment](https://facebook.github.io/create-react-app/docs/deployment)
67 |
68 | ### `yarn build` fails to minify
69 |
70 | This section has moved here: [https://facebook.github.io/create-react-app/docs/troubleshooting#npm-run-build-fails-to-minify](https://facebook.github.io/create-react-app/docs/troubleshooting#npm-run-build-fails-to-minify)
71 |
--------------------------------------------------------------------------------
/frontend/src/App.js:
--------------------------------------------------------------------------------
1 | import './App.less';
2 | import { useState, useEffect } from 'react';
3 | import axios from 'axios';
4 | import twoFA from '2fa-utils';
5 | import hi_base_32 from 'hi-base32';
6 | import { Button, Input, Row, Col, List, Form } from 'antd';
7 | import { CopyOutlined,RedoOutlined, CheckCircleOutlined } from '@ant-design/icons'
8 | import {CopyToClipboard} from 'react-copy-to-clipboard';
9 |
10 |
11 | const API = process.env.REACT_APP_API;
12 |
13 | const STEPS = [
14 | Log in to NYU. At the Multi-Factor Authentication page,
15 | click "Add a new device" on the left side of the screen.,
16 | Select “Tablet,” and then select “iOS” on the next page.,
17 | Click “I have Duo Mobile installed,”
18 | then ”Email me an activation link instead.”,
19 | In your email, click on the activation link and paste the popup's URL
20 | (not the activation code) into Bye DUO's input bar.
21 | Click “Activate Bye DUO”,
22 | ]
23 |
24 | const generatePasscode = (secret, count) => {
25 | let res = twoFA.generateHOTP(secret, count);
26 | while(res.length !== 6) {
27 | res = twoFA.generateHOTP(secret, count);
28 | count += 1;
29 | }
30 | chrome.storage.sync.set({count: count+1}, function() {});
31 | return res;
32 | }
33 |
34 | function App() {
35 | const [link, setLink] = useState('');
36 | const [loading, setLoading] = useState(false);
37 | const [secret, setSecret] = useState('');
38 | const [passcode, setPasscode] = useState('');
39 | const [message, setMessage] = useState('');
40 | const [copy, setCopy] = useState(false);
41 |
42 | useEffect(() => {
43 | chrome.storage.sync.get(['secret'], function(secret_result) {
44 | if(secret_result.secret) {
45 | document.getElementsByTagName(`html`)[0].style.height = '180px';
46 | chrome.storage.sync.get(['count'], function(result) {
47 | setPasscode(generatePasscode(secret_result.secret, result.count));
48 | });
49 | setSecret(secret_result.secret);
50 | }
51 | else {
52 | document.getElementsByTagName(`html`)[0].style.height = '480px';
53 | }
54 |
55 | });
56 | }, []);
57 |
58 | const onChange = event => {
59 | setLink(event.target.value);
60 | }
61 |
62 | const onGenerate = event => {
63 | chrome.storage.sync.get(['count'], function(result) {
64 | setPasscode(generatePasscode(secret, result.count));
65 | });
66 | setCopy(false);
67 | }
68 |
69 | const error = (text) => {
70 | setMessage(text);
71 | setLoading(false);
72 | }
73 |
74 | const onClick = (event) => {
75 | console.log('api:')
76 | console.log(API)
77 | setLoading(true);
78 | if(!link.length || link.search(/https:\/\//i) === -1
79 | || link.search(/m-/i) === -1
80 | || link.search(/urldefense/i) !== -1) {
81 | error("Use popup's URL by clicking on link in email");
82 | return;
83 | }
84 | const form = new FormData();
85 | form.append('secret', link);
86 | axios.post(API, form)
87 | .then(res => {
88 | if(res.status === 200) {
89 | const newSecret = hi_base_32.encode(res.data)
90 | chrome.storage.sync.set({secret: newSecret}, function() {});
91 | chrome.storage.sync.set({count: 0}, function() {});
92 | document.getElementsByTagName(`html`)[0].style.height = '180px';
93 | setPasscode(generatePasscode(newSecret, 0));
94 | setSecret(newSecret);
95 | setLoading(false);
96 | }
97 | else {
98 | error("Use popup's URL by clicking on link in email");
99 | }
100 | })
101 | .catch(err => {
102 | error("Use popup's URL by clicking on link in email");
103 | });
104 |
105 | // dev mode:
106 |
107 | // const secret = hi_base_32.encode('3c9b7138faaab1417406f348b31d1638')
108 | // chrome.storage.sync.set({secret: secret}, function() {});
109 | // chrome.storage.sync.set({count: 0}, function() {});
110 | // document.getElementsByTagName(`html`)[0].style.height = '180px';
111 | // setSecret(secret);
112 | // setLoading(false);
113 | // setPasscode(generatePasscode(secret, 0));
114 | }
115 |
116 | return (
117 |
5 |