Browse Security AI Extensions Collections
Canvas Autotp Chrome extension icon

Canvas Autotp

👥 65 users
📦 v1.0
💾 134KiB
📅 2025-02-12
View on Chrome Web Store

Chrome will indicate if you already have this installed.

Overview

# Canvas AuTOTP

*A browser extension that autofills 2FA TOTP codes for Canvas-based sites that support ADSF*

**Microsoft Authenticator bypass!!**

## Usage

>[!warning]
>This WILL reduce the security of your account.
>You will be using the same device for something that is intended to use 2.
>There is no secrets encryption as of v1.0 (for maximum convenience)

You must only complete this steps once per site

It takes 1-2 minutes.

**(Important! Please follow)**

0. Install this extension in your browser
1. Go to [Security Info (microsoft.com)](https://mysignins.microsoft.com/security-info)
2. Click on `Add Sign-in method` -> `Microsoft Authenticator`
3. Click on `I want to use a different authenticator app` -> `Next`
4. Click on `Can't scan image?`
5. Copy the contents after "Secret key: " by clicking the `Copy` button next to it -> `Next`
6. On a *new* tab go to the login page for the site you wish to skip the MFA
1. If you get automatically logged in, log out
7. In that tab, open the "Canvas AuTOTP" extension by clicking on it
8. Paste the secret that you copied from earlier -> click the `Submit` button -> click the `Copy Code`
9. Go back to the microsoft.com tab and paste the code there
10. Change "Default Sign-in method" by clicking on `Change` (above the sign-in methods but below the title)
11. In the popup, click the downwards arrow and select `App based authentication or hardware token - code`
12. Click `Confirm`

That's it! Once you login in on your canvas site, it should automatically fill in the code and sign you in.

## How it works

At the core it just autofills TOTP (Time-based One Time PINs).

TOTP are generated from a secret, which must be initially provided by the login management server, in this case Microsoft. They are usually regenerated every 30 seconds. The TOTP generation functionality is borrowed from Turistu, for more information see [Credit](#Credit).

What I have made is just a wrapper for that TOTP generation code, and automated it's generation and completion for Canvas-based sites.

The program stores the secrets in the `Extension Storage`, and each secret is associated with a key of the domain that it works on.

When you are in a website that contains `/adfs/ls/` in its url, the program interprets it as a Canvas login page and searches and tries to autocomplete the input to submit the TOTP. Once it does that, it automatically clicks the login button aswell.

Since I wanted this extension to be a superset of TOTP, it also includes the ability to manually copy the TOTP codes.

## Credit

The TOTP functionality is the one from [totp-in-javascript](https://github.com/turistu/totp-in-javascript) by [turistu](https://github.com/turistu)

Tags

Productivity/tools developer productivity/tools

Privacy Practices

Not being sold to third parties, outside of the approved use cases
Not being used or transferred for purposes that are unrelated to the item's core functionality
Not being used or transferred to determine creditworthiness or for lending purposes

🔐 Security Analysis

⏳ Security scan is queued. Check back soon.

Similar Extensions

More in Productivity/tools →

Zotero Connector

8M+ users
Save references to Zotero from your web browser
Productivity/tools

Browsec Vpn Free Vpn For

8M+ users
Browsec VPN is a Chrome VPN extension that protects your IP from Internet threats and lets you browse privately for free…
Productivity/tools

Claude

8M+ users
Claude in Chrome (Beta)
Productivity/tools AI