PortSwigger / BChecks

BChecks collection for Burp Suite Professional and Burp Suite Enterprise Edition
https://portswigger.net/burp/documentation/scanner/bchecks
GNU Lesser General Public License v3.0

Adding GraphQL Module #153

Closed nithisshs closed 7 months ago

nithisshs commented 7 months ago
Hannah-PortSwigger commented 7 months ago

Hi.

Thank you very much for your submission!

Unfortunately, this BCheck is very similar to our existing native GraphQL scan checks.

Have you found that your BCheck returns results above and beyond any native issues?

nithisshs commented 7 months ago

Well, it will have detection only based on GET-based CSRF attacks on GraphQL.

Attaching the following H1 report as a reference:

https://hackerone.com/reports/1122408