Security Cipher

  1. Home
  2. Docs
  3. Security Resources
  4. Penetration Testing Trick...
  5. Graphql [Inprogress]

Graphql [Inprogress]

Graphql Introspection Query

Here is the complete request for performing GraphQL introspection on your specified target (if it is enabled):

{"query": "query IntrospectionQuery{__schema{queryType{name}mutationType{name}subscriptionType{name}types{...FullType}directives{name description locations args{...InputValue}}}}fragment FullType on __Type{kind name description fields(includeDeprecated:true){name description args{...InputValue}type{...TypeRef}isDeprecated deprecationReason}inputFields{...InputValue}interfaces{...TypeRef}enumValues(includeDeprecated:true){name description isDeprecated deprecationReason}possibleTypes{...TypeRef}}fragment InputValue on __InputValue{name description type{...TypeRef}defaultValue}fragment TypeRef on __Type{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name}}}}}}}}"}

Tools

Labs

Writeups

Reading

https://portswigger.net/web-security/graphql

Leave a Reply