forked from doyensec/inql
BappDescription.html
<p>A security testing tool to facilitate GraphQL technology security auditing efforts.</p>
<p>This extension issues an Introspection query to the target GraphQL endpoint in order to fetch metadata for:</p>
<ul>
<li>Queries, mutations, subscriptions</li>
<li>Their fields and arguments</li>
<li>Objects and custom object types</li>
<li>GraphQL cycles</li>
</ul>
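<p>As an added illustration (not code from the inql project), the sketch below shows one way to find cycles among object types in an introspection result, which is where a query depth limit matters most. The sample schema and the helper names <code>ref</code>, <code>lst</code>, <code>named</code>, <code>build_graph</code> and <code>find_cycles</code> are assumptions made for this example; interfaces and unions are ignored.</p>

```python
# Added example: find object-type cycles in a GraphQL introspection result.
# `schema` is the "__schema" object of an introspection response.
# SAMPLE is constructed for illustration; it is not output from a real endpoint.

def ref(name, kind="OBJECT"):
    return {"kind": kind, "name": name, "ofType": None}

def lst(inner):
    return {"kind": "LIST", "name": None, "ofType": inner}

SAMPLE = {"types": [
    {"kind": "OBJECT", "name": "Query", "fields": [{"name": "user", "type": ref("User")}]},
    {"kind": "OBJECT", "name": "User", "fields": [
        {"name": "name", "type": ref("String", "SCALAR")},
        {"name": "posts", "type": lst(ref("Post"))}]},
    {"kind": "OBJECT", "name": "Post", "fields": [
        {"name": "author", "type": ref("User")},
        {"name": "replies", "type": lst(ref("Post"))}]},
    {"kind": "SCALAR", "name": "String", "fields": None},
]}

def named(type_ref):
    """Unwrap NON_NULL / LIST wrappers down to the named type."""
    while type_ref.get("ofType"):
        type_ref = type_ref["ofType"]
    return type_ref["name"]

def build_graph(schema):
    """Map each OBJECT type to the OBJECT types its fields return."""
    objects = {t["name"] for t in schema["types"]
               if t["kind"] == "OBJECT" and not t["name"].startswith("__")}
    return {t["name"]: sorted({named(f["type"]) for f in t.get("fields") or []} & objects)
            for t in schema["types"] if t["name"] in objects}

def find_cycles(graph):
    """Return each cycle once, rotated to start at its smallest type name.
    Plain DFS over simple paths: fine for review-sized schemas."""
    cycles = set()
    def walk(node, path):
        for nxt in graph[node]:
            if nxt in path:                      # back edge closes a cycle
                cyc = path[path.index(nxt):]
                k = cyc.index(min(cyc))
                cycles.add(tuple(cyc[k:] + cyc[:k]))
            else:
                walk(nxt, path + [nxt])
    for start in graph:
        walk(start, [start])
    return sorted(cycles)

if __name__ == "__main__":
    print(find_cycles(build_graph(SAMPLE)))
```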
<p>Using the inql extension for Burp Suite, you can:</p>
<ul>
<li>Search for known GraphQL URL paths; the tool will grep and match known values to detect GraphQL endpoints within the target website</li>
<li>Search for exposed GraphQL development consoles (GraphiQL, GraphQL Playground, and other common consoles)</li>
<li>Use a custom GraphQL tab displayed on each HTTP request/response containing GraphQL</li>
<li>Leverage template generation by sending those requests to Burp's Repeater tool ("Send to Repeater")</li>
<li>Leverage template generation and editor support by sending those requests to the embedded GraphiQL ("Send to GraphiQL")</li>
<li>Configure the tool by using a custom settings tab</li>
</ul>