Skip to content

Instantly share code, notes, and snippets.

@deron-dev
deron-dev / OktaVerify_TOTP_Key_Exteaction.md
Created September 20, 2024 04:04 — forked from jakariyaa/OktaVerify_TOTP_Key_Exteaction.md
Okta Verify TOTP secret key can be extracted easily using curl and the code below.
  1. Get the content of the QR for Okta Verify app setup. It looks like this: oktaverify://[email protected]/?t=XXXXX&f=YYYYY&s=https://DOMAIN.okta.com&issuer=DOMAIN.okta.com&isIdxEnabled=true
  2. Replace XXXXX, YYYYY and DOMAIN to your values in curl below:
curl --request POST \
  --url https://DOMAIN.okta.com/idp/authenticators \
  --header 'Accept: application/json; charset=UTF-8' \
  --header 'Accept-Encoding: gzip, deflate' \
  --header 'Authorization: OTDT XXXXX' \
  --header 'Content-Type: application/json; charset=UTF-8' \
<!--
sysmon-config | A Sysmon configuration focused on default high-quality event tracing and easy customization by the community
Source version: 74 | Date: 2021-07-08
Source project: https://github.com/SwiftOnSecurity/sysmon-config
Source license: Creative Commons Attribution 4.0 | You may privatize, fork, edit, teach, publish, or deploy for commercial use - with attribution in the text.
Fork version: <N/A>
Fork author: <N/A>
Fork project: <N/A>
Fork license: <N/A>