GraphQL

GraphQL: GraphQL IDE Monorepo.

GraphQLmap: A scripting engine to interact with a graphql endpoint for pentesting purposes.

InQL + burpsuite: InQL can be used as a stand-alone script, or as a Burp Suite extension (available for both Professional and Community editions).

Add Bearer- token

Use the context menu to send it to the Repeater (inql: Sent to graphiQL)

References

https://busk3r.medium.com/hacking-graphql-for-fun-and-profit-part-1-understanding-graphql-basics-72bb3dd22efabusk3r.medium.com

https://busk3r.medium.com/hacking-graphql-for-fun-and-profit-part-2-methodology-and-examples-5992093bcc24busk3r.medium.com

PreviousPath Traversal NextJWT

Last updated 2 years ago