Steps to use:
Install this extension in chrome by following:
- Download the zip using GitHub. Extract it.
- Visit chrome://extensions (via omnibox or menu -> Tools -> Extensions).
- Enable Developer mode by ticking the checkbox in the upper-right corner.
- Click on the "Load unpacked extension..." button.
- Select the directory containing your unpacked extension.
After installation:
-
Open Hacktivity(https://hackerone.com/hacktivity).
-
Select Type
Disclosedfrom the left hand menu. If any other type is selected, it'll give 500 errors on the server side. -
Click on the extension icon, a popup will appear, click on yes to enable the extension and reload the page. You should now be seeing only the private reports on the hacktivity.
-
To restore, just click on the icon and click on the
Noradio button and refresh the page
How does this work?
- The content-script is injected only on the Hackerone Hacktivity page(you can verify this in the manifest.json file) and the script cannot be injected anywhere else
- Once injected it checks if the extension is enabled or not using the chrome storage API where this setting is being persisted.
- If the extension is enabled,
cs.jsis injected in the browser page, which patches thefetchfunction of this page and enables interception. - It intercepts only the GraphQL requests with
operationNameequal toHacktivityPageQuery. This can be verified incs.js - The JSON body is parsed and the condition
{"state":{"_eq":"soft_launched"}}is added to theteampart in the GraphQL variables.
Just make sure Type is selected as Disclosed as non-disclosed reports are not working with soft_launched option for some reason(gives 500 server error). All other settings should by default work as we are just adding the condition and not removing anything. So for example, sorting should work based on popularity and time as they do normally. I can't provide screenshots for obvious reasons as my private programs would be disclosed :P