other platform should work

Author: bamhm182

src/synack/plugins/duo.py

@@ -26,6 +26,7 @@ def __init__(self, *args, **kwargs):
         self._factor = None
         self._grant_token = None
         self._hotp = None
+        self._progress_token = None
         self._referrer = None
         self._session_vars = None
         self._status = None
@@ -58,8 +59,24 @@ def get_grant_token(self, auth_url):
             self._get_status()
         if self._status == 'SUCCESS':
             self._get_oidc_exit()
+            if self._progress_token:
+                self._get_grant_token()
             return self._grant_token
 
+    def _get_grant_token(self):
+        headers = {
+            'X-Csrf-Token': self._xsrf
+        }
+        data = {
+            'progress_token': self._progress_token
+        }
+        res = self._api.login('POST',
+                                'authenticate',
+                                data=data,
+                                headers=headers)
+        if res.status_code == 200:
+            self._grant_token = res.json().get('grant_token')
+
     def _get_mfa_details(self):
         if self._state.otp_secret:
             self._device = 'null'
@@ -117,15 +134,19 @@ def _get_oidc_exit(self):
         }
         res = self._api.request('POST', f'{self._base_url}/frame/v4/oidc/exit', headers=headers, data=data)
         if res.status_code == 200:
-            self._grant_token = re.search('grant_token=([^&]*)', res.url).group(1)
+            try:
+                self._grant_token = re.search('grant_token=([^&]*)', res.url).group(1)
+            except AttributeError:
+                self._progress_token = re.search('token=([^&]*)', res.url).group(1)
+                self._xsrf = self._utils.get_html_tag_value('csrf-token', res.text)
 
     def _get_session_variables(self):
         self._referrer = f'https://login.{self._state.synack_domain}/'
         res = self._api.request('GET', self._auth_url, headers=self._build_headers())
         if res.status_code == 200:
             self._sid = re.search('sid=([^&]*)', res.url).group(1)
             self._referrer = res.url
-            self._base_url = re.search('(https.*duosecurity.com)/', res.url).group(1)
+            self._base_url = re.search('(https.*duo[^.]*.com)/', res.url).group(1)
             self._xsrf = self._utils.get_html_tag_value('_xsrf', res.text)
 
             client_hints = base64.b64encode(json.dumps({

src/synack/plugins/utils.py

@@ -18,7 +18,7 @@ def __init__(self, *args, **kwargs):
 
     @staticmethod
     def get_html_tag_value(field, text):
-        match = re.search(f'<[^>]*name=.{field}.[^>]*value=.([^"\']*)', text)
+        match = re.search(f'<[^>]*name=.{field}.[^>]*(?:content|value)=.([^"\']*)', text)
         if match.group is None:
-            match = re.search(f'<[^>]*value=.([^"\']*)[^>]*name=.{field}', text)
+            match = re.search(f'<[^>]*(?:content|value)=.([^"\']*)[^>]*name=.{field}', text)
         return match.group(1) if match else ''