GraphQL
Enumerating GraphQL
When performing reconnaissance, ensure the following paths are in your wordlist:
After identifying a GraphQL endpoint, the next step is to submit an introspection query to discover which queries it supports:
This query can be submitted in a POST request using Burp Suite, as the following screenshot demonstrates:
If introspection is disabled, you will need to manually test for valid queries. The following tools can be leveraged, as well as Burp Suite's Intruder:
Resources
Practice