GraphQL
GraphQL: GraphQL IDE Monorepo.
GraphQLmap: A scripting engine to interact with a graphql endpoint for pentesting purposes.
InQL + Burp Suite: InQL can be used as a stand-alone script, or as a Burp Suite extension (available for both Professional and Community editions).
Burp Suite configuration
Add Bearer token
Use the context menu to send it to the Repeater (inql: Sent to graphiQL)

References

https://busk3r.medium.com/hacking-graphql-for-fun-and-profit-part-1-understanding-graphql-basics-72bb3dd22efa
https://busk3r.medium.com/hacking-graphql-for-fun-and-profit-part-2-methodology-and-examples-5992093bcc24
Last modified 10mo ago