
dinosn/synackDUO

 
 


Synack DUO Automation Guide

Automate Synack DUO Push requests without needing a physical device and save the required token for further automation processes.

Prerequisites

  • Python3
  • Libraries: pycryptodome, requests, beautifulsoup4

Install the necessary libraries:

pip install -r requirements.txt

Setting up ruo

  1. Execute main.py.
  2. Enter the code from the QR code (use an alternative QR code scanner) or via the link provided in the email (accessible on a desktop). The process in screenshots is similar to this:

[Five screenshots of the process, taken 2024-05-06 between 05:48:56 and 05:51:12]

Using synconnect (Selenium-based token generation)

Preparation

  1. Complete the ruo setup.
  2. In synconnect.py, update your credentials at lines 12 and 13.
  3. To run in headless mode (without opening a browser window), set options.headless = True on line 37.
  4. (Optional) Customize Token Storage Location
    • To save the token in a different location, modify the file_path on line 16.
    • By default, the token is stored in /tmp/synacktoken.

Running the Script

Execute the script using Python:

python3 synconnect.py

Using synconnect_cli (Requests-based token generation)

Initial Setup

  1. After setting up ruo, capture the login process with Burp Suite.
  2. Locate the /frame/v4/auth/prompt/data request and note down the index and key from its response.
  3. Update synconnect_cli.py with your credentials on lines 12 and 13.
  4. Set the index (e.g., phone2) on line 16 and key (e.g., DPXXXXXXXXXX) on line 17.
  5. (Optional) Customize Token Storage Location
    • To save the token in a different location, modify the file_path on line 18.
    • By default, the token is stored in /tmp/synacktoken.
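
The file_path setting in both setup sections decides who else on the host can reach the token, since /tmp is shared among local users. The following is an added example, not code from this repository, of writing and reading the token file with owner-only permissions on a POSIX system; save_token and load_token are hypothetical names.

```python
import os
import stat
import tempfile


def save_token(path: str, token: str) -> None:
    """Atomically write the token to `path` with mode 0600."""
    directory = os.path.dirname(os.path.abspath(path))
    # mkstemp creates the file with O_EXCL and mode 0600, so a file or
    # symlink planted in advance at a predictable name is never opened.
    fd, tmp_path = tempfile.mkstemp(dir=directory, prefix=".token-")
    try:
        with os.fdopen(fd, "w") as handle:
            handle.write(token)
        # rename() replaces a symlink at `path` itself instead of following it.
        os.replace(tmp_path, path)
    except BaseException:
        os.unlink(tmp_path)
        raise


def load_token(path: str) -> str:
    """Read the token, refusing files another local user could plant or read."""
    # O_NOFOLLOW fails on a symlink; O_NONBLOCK avoids hanging on a FIFO.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    with os.fdopen(fd, "r") as handle:
        info = os.fstat(handle.fileno())
        if not stat.S_ISREG(info.st_mode):
            raise PermissionError(f"{path} is not a regular file")
        if info.st_uid != os.geteuid():
            raise PermissionError(f"{path} is not owned by the current user")
        if info.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise PermissionError(f"{path} is accessible to group or others")
        return handle.read().strip()
```

Pointing file_path at a directory only the current user can enter (mode 0700) removes the shared-directory exposure altogether; the checks above still apply there.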

Running the Script

Execute using Python:

python3 synconnect_cli.py

Known Issue and Solution

For the automation to work correctly, the device set up for this script must be the primary device. If it's not, request to make it primary or do so manually by removing previous devices and re-adding them later.

Alternatively, use synconnect_cli.py with the correct configuration to circumvent this issue.

Mission Bot

Execute using Python:

python3 mission.py

If you want to use it standalone as a script and provide your own token, comment out the following lines. Token is always read from /tmp/synacktoken.

    subprocess.run(["python3", "synconnect_cli.py"])
    token = read_token_from_file(token_file_path)

Mission Bot [mission_bot_token_on_cli.py]

Usage:

python3 mission_bot_token_on_cli.py 'TOKEN'

Your token can be found in your browser when you are logged in to the platform, under the name shared-session-com.synack.accessToken.

About

Python Duo Push API
