InQL is now public!
As part of our continuing security research journey, we started developing an internal tool to speed up GraphQL security testing efforts. We're excited to announce that InQL is available on GitHub.
InQL can be used as a stand-alone script or as a Burp Suite extension (available for both Professional and Community editions). The tool leverages GraphQL's built-in introspection query to dump queries, mutations, subscriptions, fields and arguments, and to retrieve default and custom objects. This information is collected and then processed to construct API endpoint documentation in the form of HTML and a JSON schema. InQL is also able to generate query templates for all the known types. The scanner identifies basic argument types and replaces them with placeholder values, so that the generated query is ready to be ingested by a remote API endpoint.
We believe this feature, combined with the ability to send query templates to Burp’s Repeater, will decrease the time to exploit vulnerabilities in GraphQL endpoints and drastically lower the bar for security research against GraphQL tech stacks.
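As an added illustration of the introspection-to-template step described above (example code written for this post, not InQL's own implementation), the following Python walks a constructed `__schema` result, substitutes placeholder values for built-in scalar argument types (including non-null and list wrappers) and builds depth-limited selection sets so that self-referencing types terminate. The sample schema and the placeholder values are assumptions.

```python
# Constructed sample introspection result (the shape the standard __schema query returns), not real anilist.co data.
def S(n): return {"kind": "SCALAR", "name": n, "ofType": None}
def O(n): return {"kind": "OBJECT", "name": n, "ofType": None}
def NN(t): return {"kind": "NON_NULL", "name": None, "ofType": t}
def L(t): return {"kind": "LIST", "name": None, "ofType": t}
INTROSPECTION = {"__schema": {
    "queryType": {"name": "Query"}, "mutationType": {"name": "Mutation"}, "subscriptionType": None,
    "types": [
        {"kind": "OBJECT", "name": "Query", "fields": [
            {"name": "user", "args": [{"name": "id", "type": NN(S("Int"))}], "type": O("User")}]},
        {"kind": "OBJECT", "name": "Mutation", "fields": [
            {"name": "updateUser", "type": O("User"),
             "args": [{"name": "name", "type": S("String")}, {"name": "ids", "type": L(S("Int"))}]}]},
        {"kind": "OBJECT", "name": "User", "fields": [
            {"name": "id", "args": [], "type": S("Int")}, {"name": "name", "args": [], "type": S("String")},
            {"name": "friends", "args": [], "type": L(O("User"))}]}]}}  # User -> friends -> User is a cycle

# Assumed placeholder literal per built-in scalar; custom scalars, enums and input objects get a <Name> marker.
PLACEHOLDERS = {"Int": "1337", "Float": "1337.0", "String": '"code"', "Boolean": "true", "ID": '"1337"'}

def base(t):  # strip NON_NULL / LIST wrappers and return the named type reference
    while t.get("ofType"):
        t = t["ofType"]
    return t
def render_arg(t):
    """Render a placeholder literal for an argument type, keeping LIST nesting as [...]."""
    if t["kind"] == "NON_NULL":
        return render_arg(t["ofType"])
    if t["kind"] == "LIST":
        return "[" + render_arg(t["ofType"]) + "]"
    return PLACEHOLDERS.get(t["name"], "<%s>" % t["name"]) if t["kind"] == "SCALAR" else "<%s>" % t["name"]
def selection(type_name, types, depth=2):
    """Selection set for an object type; nested objects expand only `depth` levels so cycles terminate."""
    obj, parts = types.get(type_name), []
    for f in (obj["fields"] if obj and obj["kind"] == "OBJECT" else []):
        b = base(f["type"])
        sub = selection(b["name"], types, depth - 1) if depth and b["kind"] == "OBJECT" else ""
        if b["kind"] in ("SCALAR", "ENUM") or sub:
            parts.append(f["name"] + (" " + sub if sub else ""))
    return "{ " + " ".join(parts) + " }" if parts else ""
def generate_templates(introspection):
    """Return {operation: {root_field: template}} for every root type (query/mutation/subscription) the schema declares."""
    schema = introspection["__schema"]
    types, out = {t["name"]: t for t in schema["types"]}, {}
    for op in [o for o in ("query", "mutation", "subscription") if schema.get(o + "Type")]:  # skips absent roots
        out[op] = {}
        for f in types[schema[op + "Type"]["name"]]["fields"]:
            args = ", ".join("%s: %s" % (a["name"], render_arg(a["type"])) for a in f["args"])
            sel = selection(base(f["type"])["name"], types)
            out[op][f["name"]] = "%s { %s%s%s }" % (op, f["name"], "(%s)" % args if args else "", " " + sel if sel else "")
    return out
```

Calling `generate_templates(INTROSPECTION)` yields one ready-to-send template per root field, e.g. `query { user(id: 1337) { id name friends { id name friends { id name } } } }`.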
InQL Scanner Burp Suite Extension
Using the inql extension for Burp Suite, you can:
- Search for known GraphQL URL paths; the tool will grep and match known values to detect GraphQL endpoints within the target website
- Search for exposed GraphQL development consoles (GraphiQL, GraphQL Playground, and other common utilities)
- Use a custom GraphQL tab displayed on each HTTP request/response containing GraphQL
- Leverage the template generation by sending those requests to Burp’s Repeater tool
- Configure the tool by using a custom settings tab
Enabling InQL Scanner Extension in Burp
To use inql in Burp Suite, import the Python extension:
- Download the latest Jython standalone JAR
- Download the latest version of InQL scanner
- Start Burp Suite
- Extender Tab > Options > Python Environment > Set the location of the Jython standalone JAR
- Extender Tab > Extension > Add > Extension Type > Select Python
- Extension File > Set the location of inql_burp.py > Next
- The output window should display the following message: InQL Scanner Started!
In the near future, we might consider integrating the extension within Burp's BApp Store.
InQL Demo
We completely revamped the command line interface in light of InQL’s public release. This interface retains most of the Burp plugin functionalities.
It is now possible to install the tool with pip and run it through your favorite CLI.
pip install inql
For all supported options, check the command line help:
usage: inql [-h] [-t TARGET] [-f SCHEMA_JSON_FILE] [-k KEY] [-p PROXY]
            [--header HEADERS HEADERS] [-d] [--generate-html]
            [--generate-schema] [--generate-queries] [--insecure]
            [-o OUTPUT_DIRECTORY]

InQL Scanner

optional arguments:
  -h, --help            show this help message and exit
  -t TARGET             Remote GraphQL Endpoint (https://<Target_IP>/graphql)
  -f SCHEMA_JSON_FILE   Schema file in JSON format
  -k KEY                API Authentication Key
  -p PROXY              IP of web proxy to go through (http://127.0.0.1:8080)
  --header HEADERS HEADERS
  -d                    Replace known GraphQL arguments types with placeholder values (useful for Burp Suite)
  --generate-html       Generate HTML Documentation
  --generate-schema     Generate JSON Schema Documentation
  --generate-queries    Generate Queries
  --insecure            Accept any SSL/TLS certificate
  -o OUTPUT_DIRECTORY   Output Directory
An example run can be performed against one of the numerous exposed APIs, e.g. the anilist.co endpoint:

$ inql -t https://anilist.co/graphql
[+] Writing Queries Templates
 | Page
 | Media
 | MediaTrend
 | AiringSchedule
 | Character
 | Staff
 | MediaList
 | MediaListCollection
 | GenreCollection
 | MediaTagCollection
 | User
 | Viewer
 | Notification
 | Studio
 | Review
 | Activity
 | ActivityReply
 | Following
 | Follower
 | Thread
 | ThreadComment
 | Recommendation
 | Like
 | Markdown
 | AniChartUser
 | SiteStatistics
[+] Writing Queries Templates
 | UpdateUser
 | SaveMediaListEntry
 | UpdateMediaListEntries
 | DeleteMediaListEntry
 | DeleteCustomList
 | SaveTextActivity
 | SaveMessageActivity
 | SaveListActivity
 | DeleteActivity
 | ToggleActivitySubscription
 | SaveActivityReply
 | DeleteActivityReply
 | ToggleLike
 | ToggleLikeV2
 | ToggleFollow
 | ToggleFavourite
 | UpdateFavouriteOrder
 | SaveReview
 | DeleteReview
 | RateReview
 | SaveRecommendation
 | SaveThread
 | DeleteThread
 | ToggleThreadSubscription
 | SaveThreadComment
 | DeleteThreadComment
 | UpdateAniChartSettings
 | UpdateAniChartHighlights
[+] Writing Queries Templates
[+] Writing Queries Templates
The resulting HTML documentation page will contain details for all available queries, mutations, and subscriptions.
Stay tuned!
Back in May 2018, we published a blog post on GraphQL security where we focused on vulnerabilities and misconfigurations. As part of that research effort, we developed a simple script to query GraphQL endpoints. After the publication, we received a lot of positive feedback that sparked even more interest in further developing the concept. Since then, we have refined our GraphQL testing methodologies and tooling. As part of our standard customer engagements, we often perform testing against GraphQL technologies, hence we expect to continue our research efforts in this space. Going forward, we will keep improving detection and make the tool more stable.
This project was made with love in the Doyensec Research island.