Script Stopped Working.

Question

Script Stopped Working.

abrahack opened this issue 3 years ago · comments

Hello Evan ,

Please I have been using the script for a while but as of today, it no longer works.

Here is error log.

root@Bug-VM:~/documents/h1stats# python3 h1stats
  _     _ ____  _        _
 | |__ / / ___|| |_ __ _| |_ ___
 | '_ \| \___ \| __/ _` | __/ __|
 | | | | |___) | || (_| | |_\__ \
 |_| |_|_|____/ \__\__,_|\__|___/

                      defparam

[+] No session cookie specified
[+] Collecting public data...
[+] Please wait... (this may take several minutes)
Traceback (most recent call last):
  File "h1stats", line 227, in <module>
    get_programinfo(graphql_token)
  File "h1stats", line 86, in get_programinfo
    progcount += len(data["data"]["teams"]["edges"])
KeyError: 'data'
root@Bug-VM:~/documents/h1stats# python3 h1stats "$H1CRED"
  _     _ ____  _        _
 | |__ / / ___|| |_ __ _| |_ ___
 | '_ \| \___ \| __/ _` | __/ __|
 | | | | |___) | || (_| | |_\__ \
 |_| |_|_|____/ \__\__,_|\__|___/

                      defparam

[+] Using specified session cookie
[+] Collecting public and private data...
[+] Please wait... (this may take several minutes)
Traceback (most recent call last):
  File "h1stats", line 227, in <module>
    get_programinfo(graphql_token)
  File "h1stats", line 86, in get_programinfo
    progcount += len(data["data"]["teams"]["edges"])
KeyError: 'data'

abrahack · Answer 1 · Mon Jul 19 2021 16:38:19 GMT+0800 (China Standard Time)

I took a look at this issue in burp.

I found out the description_html key in the Graphql query is source of the error, seems h1 might have deprecated this .

My suggestion for a fix would be to remove the description_html key .

Here is the Graphql query , I modified that works.

{
    "operationName": "MyProgramsQuery",
    "variables": {
        "where":{"submission_state":{"_eq":"open"}},
        "count": 50,
        "orderBy": null,
        "secureOrderBy": {
            "started_accepting_at": {
                "_direction": "DESC"
            }
        },
        "cursor": ""
    },
    "query": "query MyProgramsQuery($cursor: String, $count: Int, $where: FiltersTeamFilterInput, $orderBy: TeamOrderInput, $secureOrderBy: FiltersTeamFilterOrder) {\n  me {\n    id\n    ...MyHackerOneSubHeader\n    __typename\n  }\n  teams(first: $count, after: $cursor, order_by: $orderBy, secure_order_by: $secureOrderBy, where: $where) {\n    pageInfo {\n      endCursor\n      hasNextPage\n      __typename\n    }\n    edges {\n      cursor\n      node {\n        id\n        handle\n        name\n        currency\n        team_profile_picture: profile_picture(size: medium)\n        submission_state\n        triage_active\n        url\n        offers_bounties\n        average_bounty_lower_amount\n        average_bounty_upper_amount\n        top_bounty_lower_amount\n        top_bounty_upper_amount\n        formatted_total_bounties_paid_prefix\n        formatted_total_bounties_paid_amount\n        resolved_report_count\n        formatted_bounties_paid_last_90_days\n        reports_received_last_90_days\n        last_report_resolved_at\n most_recent_sla_snapshot {\n    id\n    first_response_time: average_time_to_first_program_response\n    triage_time: average_time_to_report_triage\n    bounty_time: average_time_to_bounty_awarded\n    resolution_time: average_time_to_report_resolved\n    __typename\n  }\n        only_cleared_hackers\n        state\n        started_accepting_at\n        number_of_reports_for_user\n        number_of_valid_reports_for_user\n        bounty_earned_for_user\n        last_invitation_accepted_at_for_user\n        bookmarked\n        external_program {\n          id\n          __typename\n        }\n        ...TeamLinkWithMiniProfile\n        ...TeamTableAverageBounty\n        ...BountyTableTeam\n        ...TeamTableMinimumBounty\n        ...TeamTableResolvedReports\n        __typename\n      }\n      __typename\n    }\n    __typename\n  }\n}\n\nfragment BountyTableTeam on Team {\n  id\n  handle\n  bounty_table {\n    id\n    low_label\n    medium_label\n    high_label\n    critical_label\n    description\n    bounty_table_rows(first: 100) {\n      edges {\n        node {\n          id\n          low\n          medium\n          high\n          critical\n          smart_rewards_start_at\n          structured_scope {\n            id\n            asset_identifier\n            __typename\n          }\n          updated_at\n          __typename\n        }\n        __typename\n      }\n      __typename\n    }\n    updated_at\n    __typename\n  }\n  __typename\n}\n\n\n\nfragment TeamLinkWithMiniProfile on Team {\n  id\n  handle\n  name\n  __typename\n}\n\nfragment TeamTableAverageBounty on Team {\n  id\n  currency\n  average_bounty_lower_amount\n  average_bounty_upper_amount\n  __typename\n}\n\nfragment TeamTableMinimumBounty on Team {\n  id\n  currency\n  base_bounty\n  __typename\n}\n\nfragment TeamTableResolvedReports on Team {\n  id\n  resolved_report_count\n  __typename\n}\n\nfragment MyHackerOneSubHeader on User {\n  id\n  has_checklist_check_responses\n  soft_launch_invitations(state: open) {\n    total_count\n    __typename\n  }\n  __typename\n}\n"
}

Regards,
abrahack.

defparam · Answer 2 · Sat Mar 05 2022 05:17:00 GMT+0800 (China Standard Time)

I submitted a fix