InQL - Introspection GraphQL Scanner

A security testing tool to facilitate GraphQL technology security auditing efforts.

This extension issues an Introspection query to the target GraphQL endpoint in order to fetch metadata for:

  • Queries, mutations, subscriptions
  • Their fields and arguments
  • Objects and custom object types
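The metadata listed above comes back as a nested `__schema` document. The following added example (not InQL's own code) walks a constructed introspection response and groups what it exposes into queries, mutations, subscriptions and custom object types; the function names and the sample schema are assumptions made for illustration.

```python
# Constructed sample: a trimmed introspection response, not taken from a real endpoint.
ID = {"kind": "SCALAR", "name": "ID", "ofType": None}
STR = {"kind": "SCALAR", "name": "String", "ofType": None}
USER = {"kind": "OBJECT", "name": "User", "ofType": None}
SAMPLE = {"data": {"__schema": {
    "queryType": {"name": "Query"}, "mutationType": {"name": "Mutation"},
    "subscriptionType": None,
    "types": [
        {"kind": "OBJECT", "name": "Query", "fields": [
            {"name": "user", "type": USER, "args": [
                {"name": "id", "type": {"kind": "NON_NULL", "name": None, "ofType": ID}}]},
            {"name": "users", "args": [],
             "type": {"kind": "LIST", "name": None, "ofType": USER}}]},
        {"kind": "OBJECT", "name": "Mutation", "fields": [
            {"name": "setEmail", "type": USER, "args": [
                {"name": "id", "type": ID}, {"name": "email", "type": STR}]}]},
        {"kind": "OBJECT", "name": "User", "fields": [
            {"name": "email", "args": [], "type": STR}]},
        {"kind": "OBJECT", "name": "__Schema", "fields": []},
        {"kind": "SCALAR", "name": "String", "fields": None}]}}}

def type_ref(t):
    """Render a nested type reference in SDL notation, e.g. [User] or ID!."""
    if t["kind"] == "NON_NULL":
        return type_ref(t["ofType"]) + "!"
    if t["kind"] == "LIST":
        return "[" + type_ref(t["ofType"]) + "]"
    return t["name"]

def signature(field):
    args = ", ".join(f'{a["name"]}: {type_ref(a["type"])}' for a in field.get("args") or [])
    return f'{field["name"]}({args}): {type_ref(field["type"])}'

def summarize(response):
    """Group the schema's root operations and list its custom object types."""
    schema = response["data"]["__schema"]
    types = {t["name"]: t for t in schema["types"]}
    out, roots = {"queries": [], "mutations": [], "subscriptions": []}, set()
    for key, bucket in (("queryType", "queries"), ("mutationType", "mutations"),
                        ("subscriptionType", "subscriptions")):
        root = schema.get(key)  # null when the schema defines no such operation kind
        if root:
            roots.add(root["name"])
            out[bucket] = [signature(f) for f in types[root["name"]].get("fields") or []]
    # Custom objects: skip the root types and the built-in "__" introspection types.
    out["objects"] = sorted(n for n, t in types.items() if t["kind"] == "OBJECT"
                            and n not in roots and not n.startswith("__"))
    return out

if __name__ == "__main__":
    for section, items in summarize(SAMPLE).items():
        print(section, items)
```

Running the same summary against your own endpoint's introspection output is a quick way to review which operations and types are visible to any client when introspection is left enabled.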

Using the InQL extension for Burp Suite, you can:

  • Search for known GraphQL URL paths; the tool will grep and match known values to detect GraphQL endpoints within the target website
  • Search for exposed GraphQL development consoles (GraphiQL, GraphQL Playground, and other common consoles)
  • Use a custom GraphQL tab displayed on each HTTP request/response containing GraphQL
  • Use the generated request templates by sending them to Burp's Repeater tool ("Send to Repeater")
  • Use the generated request templates with editor support by sending them to the embedded GraphiQL ("Send to GraphiQL")
  • Configure the tool by using a custom settings tab

Author Doyensec
Version 2.0.0
Last updated 03 June 2020

You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.

You can view the source code for this BApp by visiting our GitHub page.

Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.