Shulou(Shulou.com)05/31 Report--

For GraphQL security testing Burp extension InQL is what, I believe that many inexperienced people do not know what to do, so this paper summarizes the causes of the problem and solutions, through this article I hope you can solve this problem.

InQL Scanner

InQL Scanner is not only a security testing tool, but also a Burp Suite extension. With its help, the majority of researchers can better audit the security of GraphQL technology.

InQL can be run directly as a script or as a Burp Suite extension to perform tasks.

Tool download

Researchers can use the following commands to clone the InQL project source code locally:

Git clone https://github.com/doyensec/inql.gitInQL runs separately-script

After installing the Python environment in your host environment, run inql, and the script will send a self-test query request to the target GraphQL node and try to get the following metadata information:

1 、 Query/Mutation/Subscription

2. Fields and parameters

3. Objects and custom object types

InQL can check the results of introspection queries and generate clean and concise documents in different data formats, such as HTML and JSON. In addition, InQL can generate templates (optional placeholders) based on all known underlying data types.

The resulting HTML document page will contain details about all valid Query/Mutation/Subscription, as shown in the example:

In the sample diagram given below, the use of template generation is shown:

Tool help information

To view all the option parameters supported by InQL, you can use the help command to view:

Usage: inql [- h] [- t TARGET] [- f SCHEMA_JSON_FILE] [- k KEY] [- p PROXY] [--header HEADERS HEADERS] [- d] [--generate-html] [--generate-schema] [--generate-queries] [--insecure] [- o OUTPUT_DIRECTORY] InQL Scanneroptional arguments:-h -help show this help message and exit-t TARGET Remote GraphQL Endpoint (https:///graphql)-f SCHEMA_JSON_FILE Schema file in JSON format-k KEY API Authentication Key-p PROXY IP of web proxy to go through (http://127.0.0.1:8080)-- header HEADERS HEADERS-d Replace known GraphQL arguments types with) Placeholder values (useful for Burp Suite)-- generate-html Generate HTML Documentation-- generate-schema Generate JSON Schema Documentation-- generate-queries Generate Queries-- insecure Accept any SSL/TLS certificate-o OUTPUT_DIRECTORY Output DirectoryInQL Burp Suite extension

InQL has supported execution as a Burp Suite extension since the v1.0 version of InQL. In this mode, the tool not only has all the functions of independent scripts, but also provides researchers with a more convenient user interface to execute queries with the help of Burp Suite.

InQL's Burp Suite extension mode has the following features:

1. Search for known GraphQL URL paths, tools to search and match known values to detect GraphQL nodes within the target site

2. Search for exposed GraphQL development consoles (GraphiQL, GraphQL Playground and other common consoles)

3. Use a custom GraphQL tag to display each HTTP request / response that contains GraphQL

4. Generate a template by sending a request to the Repeater tool of Burp

5. Configure the tool by using a custom setting label

If you want to use InQL in Burp Suite, then you need to import the Python extension: 1. Download Jython Jar: [click I download]

2. Enable Burp Suite

3. Click the Extender tab > options > Python Environment > set Jython stand-alone Jar package address

4. Click the Extender tab > expand > add > extension Type > Select Python

5. Download the latest version of inql_burp.py: [click me to download]

6. Click expand File > set the address of inql_burp.py > next

7. If everything is configured properly, the output should be: InQL Scanner Started!

Note: we will then consider integrating the InQL extension into Burp's BApp Store.

Burp extension usage

The use of the InQL Burp extension is very simple, we just need to follow these steps:

1. In the input window at the top, load a GraphQL node or load a JSON file

2. Click the "load" button

3. After waiting for a few seconds, the panel on the left will refresh the directory structure of the selected target node. The reference example of this directory structure is as follows:

4. Select any one of the Query/Mutation/Subscription and the tool will display the corresponding template in the main text field.

After reading the above, have you mastered the method of Burp extension InQL for GraphQL security testing? If you want to learn more skills or want to know more about it, you are welcome to follow the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.