search

dgtlmoon / changedetection.io

The best and simplest free open source web page change detection, website watcher, restock monitor and notification service. Restock Monitor, change detection. Designed for simplicity - Simply monitor which websites had a text change for free. Free Open source web page change detection, Website defacement monitoring, Price change notification
https://changedetection.io
Apache License 2.0
19.99k stars 1.08k forks source link

[feature] Add "Fill in TOTP" to the browser steps #1457

Open romanpeters opened 1 year ago

romanpeters commented 1 year ago

Version and OS For example, 0.123 on linux/docker

Is your feature request related to a problem? Please describe. I can't access a site which requires 2FA login.

Describe the solution you'd like The option to add a TOTP seed to browser steps, so it can be used to access websites with 2FA.

Describe the use-case and give concrete real-world examples Some sites require 2FA, or maybe you don't want to disable 2FA in order to scrape it. Adding the ability for browser steps to fill in a TOTP code would be nice.

Additional context Saving TOTP seeds could come with security risks. A credentials vault would would be another nice to have, but that's for another feature request.

revilo951 commented 1 year ago

100% this is critical - many things require 2FA now, and using a TOTP seed is one of the easy ways for automation, as something like email or SMS 2FA is nearly impossible, compared with a TOTP seed

dgtlmoon commented 1 year ago

@revilo951 got any more info? some links? good providers etc?

revilo951 commented 1 year ago

@revilo951 got any more info? some links? good providers etc?

In this case there would be no "providers" as such. The best example I can give is how I'm achieving this at the moment, using some hacky bash and puppeteer.

This is my bash script, if it helps:

#!/bin/bash

totp=$(oathtool -b --totp 'totp_seed_goes_here')
echo "totp is $totp"

# sed -i "/    totp:.*/
sed -i "/    totp:/c\    totp: '$totp'" /opt/scripts/constants.js

/usr/local/bin/node /opt/scripts/screenshot.js

As far as I can tell, you'd need to provide somewhere in the interface for the user to provide the TOTP seed, and then use that seed as needed to generate the TOTP code to enter into the site.

I hope that makes sense?

techc0de commented 10 months ago

Hi,

I'm currently in this situation too. My provider for 2FA are: SMS, email, Okta. It requires every 24 hours. How can I achieve this?

Thanks

techc0de commented 10 months ago

I found this neat open-source 2FA for automation. I wonder if somebody can implement it into this software.

https://github.com/sashajenner/byebyeokta

lyh16 commented 10 months ago

@revilo951 got any more info? some links? good providers etc?

@dgtlmoon Bitwarden would be great. It has excellent reputation for being an open source and audited password manager. It also has an actionable API. You could use the item.login schema together with the /object/item/{id} API to get the TOTP value.