Automate Synack DUO Push requests without needing a physical device and save the required token for further automation processes.
- Python3
- Libraries: pycryptodome, requests, beautifulsoup4
Install the necessary libraries:
pip install -r requirements.txt- Execute
main.py. - Enter the code from the QR code (use an alternative QR code scanner) or via the link provided in the email (accessible on a desktop). The proceess in screenshots is similar to this:
You need this token which must be passed to main.py, do not press the Activate DUO Mobile, you only need the token.

- Complete the ruo setup.
- In
synconnect.py, update your credentials at lines 12 and 13. - To run in headless mode (without opening a browser window), set
options.headless = Trueon line 37. - (Optional) Customize Token Storage Location
- To save the token in a different location, modify the
file_pathon line 16. - By default, the token is stored in
/tmp/synacktoken.
- To save the token in a different location, modify the
Execute the script using Python:
python3 synconnect.pyThe two pkey constants in the script — PRIMARY_PKEY and FALLBACK_PKEY — need to be set to the Duo device keys enrolled on your account. These values are account-specific and will not match the placeholders.
Duo exposes the full list of enrolled push devices at:
GET https://api-<subdomain>.duosecurity.com/prompt/<AKEY>/pre_authn/evaluation?authkey=<AUTHKEY>&browser_features=<...>&local_trust_choice=undecided
This call is made automatically during a normal browser login. To capture it:
-
Start an intercepting proxy (Burp, mitmproxy, etc.) with your browser routed through it.
-
Log in to Synack normally — Duo will show the push prompt.
-
In your proxy's history, find the request to
/pre_authn/evaluation. -
Inspect the JSON response body. Look for
response.available_unified_auth_factors.factors— each push-capable device appears as:{ "factor_type": "push", "device_info": { "pkey": "DPxxxxxxxxxxxxxxxxxx", "name": "Android" } }
Copy the pkey values for your devices.
PRIMARY_PKEY— set this to your auto-approver device (the onemain.pytaps "Approve" on automatically). This is the device the script will push to first.FALLBACK_PKEY— set this to your personal device (your regular phone). If the primary push doesn't get approved within the timeout, the script falls back to this one and you can approve manually.
If you only have one push device enrolled, leave FALLBACK_PKEY set to the same value as primary or to any string — the fallback simply won't trigger.
Execute using Python:
python3 synconnect_cli.pyFor the automation to work correctly, the device set up for this script must be the primary device. If it's not, request to make it primary or do so manually by removing previous devices and re-adding them later.
Alternatively, use synconnect_cli.py with the correct configuration to circumvent this issue.
Execute using Python:
python3 mission.pyIf you want to use it standalone as a script and provide your own token, comment out the following lines. Token is always read from /tmp/synacktoken.
71 subprocess.run(["python3", "synconnect_cli.py"])
72 token = read_token_from_file(token_file_path)
Usage:
python3 mission_bot_token_on_cli.py 'TOKEN'
Your token can be found on your browser when you are logged in in the platform under the name shared-session-com.synack.accessToken




