GraphQL Introspection Query
Here is the complete request body for performing GraphQL introspection on your specified target (it returns the schema only if introspection is enabled):
{"query": "query IntrospectionQuery{__schema{queryType{name}mutationType{name}subscriptionType{name}types{...FullType}directives{name description locations args{...InputValue}}}}fragment FullType on __Type{kind name description fields(includeDeprecated:true){name description args{...InputValue}type{...TypeRef}isDeprecated deprecationReason}inputFields{...InputValue}interfaces{...TypeRef}enumValues(includeDeprecated:true){name description isDeprecated deprecationReason}possibleTypes{...TypeRef}}fragment InputValue on __InputValue{name description type{...TypeRef}defaultValue}fragment TypeRef on __Type{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name}}}}}}}}"}
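Added example (not part of the original page): a way to read the response to the query above when reviewing what your own API exposes. It unwraps the nested ofType chain from the TypeRef fragment into SDL notation and lists each root operation with its deprecated fields marked. The sample response is constructed, and the names named, wrap, render_type and summarize are hypothetical.

```python
def named(kind, name):          # sample-building helper: a leaf TypeRef
    return {"kind": kind, "name": name, "ofType": None}
def wrap(kind, inner):          # sample-building helper: NON_NULL / LIST wrapper
    return {"kind": kind, "name": None, "ofType": inner}

# Constructed sample response (not from a real API), trimmed to the fields used here.
SAMPLE = {"data": {"__schema": {
    "queryType": {"name": "Query"}, "mutationType": {"name": "Mutation"},
    "subscriptionType": None,
    "types": [
        {"kind": "OBJECT", "name": "Query", "fields": [
            {"name": "users", "isDeprecated": False, "args": [],
             "type": wrap("NON_NULL", wrap("LIST", wrap("NON_NULL", named("OBJECT", "User"))))}]},
        {"kind": "OBJECT", "name": "Mutation", "fields": [
            {"name": "deleteUser", "isDeprecated": True,
             "args": [{"name": "id", "type": wrap("NON_NULL", named("SCALAR", "ID"))}],
             "type": named("SCALAR", "Boolean")}]},
    ]}}}

def render_type(ref):
    """Unwrap a TypeRef chain (the nested ofType levels) into SDL notation."""
    if ref is None:
        return "?"  # chain is deeper than the ofType levels the query selected
    if ref["kind"] == "NON_NULL":
        return render_type(ref.get("ofType")) + "!"
    if ref["kind"] == "LIST":
        return "[" + render_type(ref.get("ofType")) + "]"
    return ref["name"]

def summarize(response):
    """Map each root type to its field signatures; None if no schema came back."""
    schema = (response.get("data") or {}).get("__schema")
    if schema is None:
        return None  # introspection disabled, or the request was rejected
    types = {t["name"]: t for t in schema["types"]}
    summary = {}
    roots = ("queryType", "mutationType", "subscriptionType")
    for root in filter(None, map(schema.get, roots)):  # skip roots the API lacks
        sigs = []
        for f in types[root["name"]].get("fields") or []:
            args = ", ".join(f'{a["name"]}: {render_type(a["type"])}' for a in f["args"])
            sig = f'{f["name"]}({args}): {render_type(f["type"])}'
            sigs.append(sig + (" @deprecated" if f.get("isDeprecated") else ""))
        summary[root["name"]] = sigs
    return summary

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A "?" in a rendered type means the wrapper chain ran past the ofType levels the query selects, so that type should be looked up separately rather than trusted as shown.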
Tools
- GraphQL Voyager – 🛰️ Represent any GraphQL API as an interactive graph
- graphw00f – graphw00f is a GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.
- InQL – Introspection GraphQL Scanner – A security testing tool to facilitate GraphQL technology security auditing efforts.
- https://github.com/gsmith257-cyber/GraphCrawler: GraphQL automated security testing toolkit
Labs
- Damn-Vulnerable-GraphQL-Application
- PortSwigger Labs:
Writeups
- https://hackerone.com/reports/927567
- https://hackerone.com/reports/873366
- https://securitycipher.medium.com/1000-bug-using-simple-graphql-introspection-query-b68da8260877