<p>This Burp extension is designed to assist in your GraphQL security testing efforts.</p>
<p>The main tool provided by InQL v6.0 is a customizable scanner to analyze a GraphQL endpoint or a local
introspection schema file. It generates all possible queries, mutations, and subscriptions, presenting them in an organized view
for thorough analysis. Scanner results can be sent to Burp's Repeater or Intruder tools for further testing.</p>
<p>Here are some other features that make InQL v6.0 an indispensable tool for your auditing needs:</p>
<ul>
<li>Points of interest analysis for identification of PII, authentication, authorization, and other sensitive data in the GraphQL schema.</li>
<li>The new Attacker component for batch GraphQL attacks, handy for testing rate limit bypasses and DoS vectors.</li>
<li>Identification of GraphQL endpoints and development consoles such as GraphiQL and GraphQL Voyager.</li>
<li>Integration of a custom GraphQL tab in Burp's native HTTP message editor, visualizing the GraphQL payload.</li>
<li>Circular reference detection, making it easy to identify queries potentially vulnerable to DoS attacks.</li>
<li>Configuration of the tool via a custom settings tab for more precise control.</li>
</ul>
<p>Happy testing and stay tuned for more updates!</p>