GraphQL API
Finding GraphQL endpoints
# Universal queries
send: { "query": "query{__typename}" }
search for: {"data": {"__typename": "query"}} Probing for introspection
# Introspection probe request
{
"query": "{__schema{queryType{name}}}"
}
# Bypassing GraphQL introspection defences
query=query{%20__schema%0A{queryType{name}}}Running a full introspection query
query IntrospectionQuery {
__schema {
queryType {
name
}
mutationType {
name
}
subscriptionType {
name
}
types {
...FullType
}
directives {
name
description
args {
...InputValue
}
#onOperation #Often needs to be deleted to run query
#onFragment #Often needs to be deleted to run query
#onField #Often needs to be deleted to run query
}
}
}
fragment FullType on __Type {
kind
name
description
fields(includeDeprecated: true) {
name
description
args {
...InputValue
}
type {
...TypeRef
}
isDeprecated
deprecationReason
}
inputFields {
...InputValue
}
interfaces {
...TypeRef
}
enumValues(includeDeprecated: true) {
name
description
isDeprecated
deprecationReason
}
possibleTypes {
...TypeRef
}
}
fragment InputValue on __InputValue {
name
description
type {
...TypeRef
}
defaultValue
}
fragment TypeRef on __Type {
kind
name
ofType {
kind
name
ofType {
kind
name
ofType {
kind
name
}
}
}
}Visualizing introspection results
http://nathanrandal.com/graphql-visualizer/
InQL in Burp Suite ExtensionLast updated