Research Academy
My account Customers About Blog Careers Legal Contact Resellers
  1. Support Center
  2. BApp Store
  3. InQL - Introspection GraphQL Scanner

Professional Community

InQL - Introspection GraphQL Scanner

Download BApp

A security testing tool to facilitate GraphQL technology security auditing efforts.

This extension will issue an Introspection query to the target GraphQL endpoint in order fetch metadata information for:

  • Queries, mutations, subscriptions
  • Its fields and arguments
  • Objects and custom object types
  • Find GraphQL Cycles

Using the inql extension for Burp Suite, you can:

  • Search for known GraphQL URL paths; the tool will grep and match known values to detect GraphQL endpoints within the target website
  • Search for exposed GraphQL development consoles (GraphiQL, GraphQL Playground, and other common consoles)
  • Use a custom GraphQL tab displayed on each HTTP request/response containing GraphQL
  • Leverage the templates generation by sending those requests to Burp's Repeater tool ("Send to Repeater")
  • Leverage the templates generation and editor support by sending those requests to embedded GraphIQL ("Send to GraphiQL")
  • Configure the tool by using a custom settings tab

Author

 Author

Andrea Brancaleoni @ Doyensec

Version

 Version

4.0.6

Rating

 Rating

Popularity

 Popularity

Last updated

 Last updated

11 January 2023

Estimated system impact

 Estimated system impact

Overall impact: High

Memory
Low
CPU
Low
General
High
Scanner
Low

You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.

You can view the source code for all BApp Store extensions on our GitHub page.

Follow @BApp_Store on Twitter to receive notifications of all BApp releases and updates.

Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.

Go back to BappStore

Note:

Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.