dolevf/graphw00f

AttributeError: 'str' object has no attribute 'get'

Closed this issue · 6 comments

Hello,

I'm getting the following error message on two different Linux distros when running the command on a target.

```
python3 ./main.py -f -t https://example.com/graphql
[*] Attempting to fingerprint...
Traceback (most recent call last):
  File "/home/x/Desktop/graphw00f/./main.py", line 172, in <module>
    main()
  File "/home/x/Desktop/graphw00f/./main.py", line 148, in main
    result = g.execute(url)
             ^^^^^^^^^^^^^^
  File "/home/x/Desktop/graphw00f/graphw00f/lib.py", line 58, in execute
    elif self.engine_graphql_yoga():
         ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/x/Desktop/graphw00f/graphw00f/lib.py", line 136, in engine_graphql_yoga
    if error_contains(response, 'asyncExecutionResult[Symbol.asyncIterator] is not a function') or error_contains(response, 'Unexpected error.'):
       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/x/Desktop/graphw00f/graphw00f/helpers.py", line 32, in error_contains
    err_message = i.get(part, '')
                  ^^^^^
AttributeError: 'str' object has no attribute 'get'
```

Hi there,

Can you share which GraphQL server you are testing against? Can you reproduce this against any GraphQL server?

Are you asking for the URL?
And I am facing this same error too on my target URL, but for confirmation I checked on another URL... it works on the other one but this is not working on my target... what can I do?

Unfortunately I don't have the host anymore, and I didn't post it at the time because it was a private bug bounty program. I can say that I discovered the host was a CNAME after using dig, so maybe it has something to do with that.

Every GraphQL server behaves a little differently, especially when malformed requests are thrown at them. I need to be able to reproduce this against the URL that's misbehaving.

Closing for now

Improvements made at #42
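
The traceback in this issue fails at `i.get(part, '')` because an entry under `errors` was a string rather than an object. The sketch below is an added example, not graphw00f's code and not the change made in #42: it shows a guessed form of the failing helper next to a tolerant one. Only the `i.get(part, '')` line comes from the page; the loop around it, the `part="message"` default, the helper names `iter_error_text` and `crashes`, and the sample responses are assumptions constructed for illustration.

```python
# Constructed sample responses (not captured from any real server).
SPEC_SHAPE = {"errors": [{"message": "Unexpected error."}]}
STRING_ITEMS = {"errors": ["Unexpected error."]}   # entries are bare strings
BARE_STRING = {"errors": "Unexpected error."}      # not even a list


def naive_error_contains(response, needle, part="message"):
    # Assumed shape of the failing helper: only `i.get(part, '')` is on the page.
    for i in response.get("errors", []):
        if needle in i.get(part, ""):
            return True
    return False


def iter_error_text(value, part="message"):
    """Yield every string found in an `errors` value, whatever its shape."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, dict):
        yield from iter_error_text(value.get(part), part)
    elif isinstance(value, (list, tuple)):
        for item in value:
            yield from iter_error_text(item, part)
    # None, numbers and booleans carry no text to match against.


def error_contains(response, needle, part="message"):
    """Tolerant check: never raises on a malformed or non-object response."""
    if not isinstance(response, dict):
        return False
    return any(needle in text
               for text in iter_error_text(response.get("errors"), part))


def crashes(func, response):
    """Return True if func raises AttributeError on this response."""
    try:
        func(response, "Unexpected error.")
    except AttributeError:
        return True
    return False
```

With the tolerant helper, a server that answers outside the GraphQL response format is reported as "no match" for that signature and fingerprinting can move on to the next engine check.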