onefactorauth

Release 0.1.1

A tool to bypass 2 factor authentication.

Homepage PyPI Python

Keywords
one-factor-auth, python, two-factor-authentication, web-scraping, wtfpl
License
Unlicense
Install
pip install onefactorauth==0.1.1

Documentation

OneFactorAuth

A tool to bypass 2 factor authentication.

one_fa_demo.mp4

Usage

Installation

python3 -m pip install onefactorauth

Setup

  1. Go to https://receivesms.cc/sms/ and choose a phone number
  2. Run 1fa config -p <phone_number> (ex: 1fa config -p 31616099881)
  3. Register the phone number under your account for 2 factor authentication
  4. Go to https://receivesms.cc/sms/<phone_number> (ex: https://receivesms.cc/sms/31616099881) to see the text message
  5. Complete the setup of this phone number in your account settings
  6. Take note of the pattern of the message, eg. how it is structured, where the code is

Invoking

$: 1fa code --help

usage: 1fa code [-h] [-c] [-t TIMEOUT] [-p PATTERN] [-m MAX_TIME]

Get 1fa code

options:
  -h, --help            show this help message and exit
  -c, --clipboard       copy to clipboard
  -t TIMEOUT, --timeout TIMEOUT
                        timeout (s)
  -p PATTERN, --pattern PATTERN
                        regex pattern for passcode
  -m MAX_TIME, --max-time MAX_TIME
                        maximum age of the sms code msg (min)
  • pattern for the passcode should have one capture group with the code
    • ex: messages are like SMS p***codes: 93209
      • pattern of SMS p\*\*\*codes: (\d+)
    • ex: messages are like Your Uber code is 43890
      • pattern of Uber code is (\d+) (partial matches are acceptable)
  • bind 1fa code --pattern='code is (\d+)' --clipboard to a keybind
    • windows: use winhotkey
    • macos: automator or icanhazshortcut
    • linux: depends on your desktop environment, there's something in the built in settings for gnome and xfce
      • my binding: super+u: 1fa code --timeout=3 --clipboard && notify-send -i system-lock-screen -t 1 'UCLA Duo' 'Copied!' || notify-send -i system-lock-screen -t 1 'UCLA Duo' 'Oopsie woopsie'

How

It uses https://receivesms.cc/sms/ to receive and scrape texts for your text passcode

Why

UCLA makes me 2fa every time I wanna log into my portal. No one's trying to hack my BruinBill, UCLA, just lemme use my account. I have 2fa setup for GitHub and Discord which are likelier targets for hacking and neither of them ask me for 2fa on every login.

License

Do WTF You Want To Public License

Developers

Developed by Ronak Badhe (r2dev2)

Stats

Dependencies
2
Dependent packages
0
Dependent repositories
0
Total releases
2
Latest release
First release
Stars
6
Forks
0
Watchers
1
Contributors
1
Repository size
30.3 KB
SourceRank
8

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

0.1.1
0.1.0

Contributors

Ronak Badhe


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2023-02-04 06:53:01 UTC

Login to resync this project