Admin Bot

How this works:
This bot simulates an admin user who is logged into the API. When you submit a URL, the bot will visit it with the admin's session, simulating a phishing attack where the admin clicks a malicious link.

Attack Scenario:
1. You host a malicious page with JavaScript that fetches /api/profile
2. Submit the URL here
3. Admin bot visits your page while logged in
4. Your JavaScript steals the admin's sensitive data via CORS
5. You receive the flag at your attacker server

Submit URL for Admin to Visit

API Usage

POST /bot/visit
Content-Type: application/json

{"url": "http://your-malicious-page.com"}