doyensec / inql

InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.
https://doyensec.com/
Apache License 2.0
1.51k stars 156 forks

('NoneType' object is not iterable) Error Message in Batch Attack #136

Open xerox0x1 opened 6 months ago

xerox0x1 commented 6 months ago

('NoneType' object is not iterable) Error Message in Batch Attack

The issue came up when performing a Batch Attack in a Portswigger lab. Until then, I was not quite sure whether the problem was in InQL itself or in the lab. However, by taking a look at the InQL error, I found that the error comes from this Python request implemented in the tool: https://github.com/doyensec/inql/blob/master/python/inql/attacker/request.py

To Reproduce

  1. Try any batch attack on a request you choose to bypass a rate limit with InQL. I suggest you try this Portswigger lab to test its "login" function: https://portswigger.net/web-security/graphql/lab-graphql-brute-force-protection-bypass

  2. Modify the intended value with the documented tool regex.

    Screenshot_3

  3. Try to send the request. In my scenario it threw an error.

Screenshot_4

Expected behavior

I expected the tool to try to bypass the rate limit by providing a list with the second regex. I tried the simplest one first, but unfortunately it did not work.

Screenshot_232

execveat commented 6 months ago

Thanks, it's clearly a bug in InQL and I'll look into it. Btw, if you notice any other issues when going through Portswigger labs (or get ideas for feature requests), please do share with us.

xerox0x1 commented 6 months ago

Thanks for showing interest; I'll inform you about any other errors. Btw, thanks for the great effort you && your team put into this tool. It's really awesome. Looking forward to the next release <3