doyensec / inql

InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.
https://doyensec.com/
Apache License 2.0

No visual error output if GraphQL introspection is not allowed on the webserver #24

Closed fuomag9 closed 1 year ago

fuomag9 commented 4 years ago

Describe the bug: No visual error output if GraphQL introspection is not allowed on the webserver

To Reproduce: Steps to reproduce the behavior:

  1. Go to inQL scanner
  2. Paste the URL
  3. Click on load
  4. No output will be shown

Expected behavior: An error message should be shown since the request failed due to GraphQL introspection not being allowed.

Desktop (please complete the following information):

thypon commented 4 years ago

Do you mind expanding on how you think an error should be shown? An error message is already shown in the error logs of the Burp plugin when run standalone in the console.

Moreover, the full request is available in Burp history, in case you need to debug error cases further.

I personally would like to avoid cluttering the UI with information already available elsewhere, nor do I want to include easy error pop-ups that will ruin the flat UI interaction.

fuomag9 commented 4 years ago

If you want to avoid a popup, I'd either put it as "overwritable text" (aka the suggestion text, which is overwritten when the user starts writing) or in the interface below as something similar to an "error folder". Maybe I'm the only one, but to me it wasn't obvious at first that the request failed because of the server not accepting it, and I thought something was wrong either with the extension or the connection itself.

MohamedBarrous commented 3 years ago

I agree with @fuomag9, the error is not clear in the error section of the Extended Tab of InQL (it is mostly just a Python error). But the fact that the request is sent to Burp history is a good solution to check for how the error occurred.
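
One way a client could turn a failed introspection request into a single readable message instead of a raw traceback, as discussed in this thread. This is an added example, not InQL's code; the function name, message wording and sample responses are constructed for illustration.

```python
import json

def explain_introspection_failure(status, body):
    """Hypothetical helper: return None if a schema came back, else a short reason."""
    if status in (401, 403):
        return "HTTP %d: the endpoint requires authentication or blocks this request." % status
    try:
        doc = json.loads(body)
    except ValueError:
        return "HTTP %d: response is not JSON, so this may not be a GraphQL endpoint." % status
    if not isinstance(doc, dict):
        return "HTTP %d: JSON response is not a GraphQL result object." % status

    # A usable introspection result carries data.__schema as an object.
    data = doc.get("data")
    if isinstance(data, dict) and isinstance(data.get("__schema"), dict):
        return None

    # Collect server-side error messages, tolerating malformed entries.
    errors = doc.get("errors")
    messages = [e.get("message") or "" for e in errors or [] if isinstance(e, dict)] \
        if isinstance(errors, list) else []
    for msg in messages:
        # Servers that disable introspection usually name it or the __schema field.
        if "introspection" in msg.lower() or "__schema" in msg:
            return "Introspection is disabled on this server: " + msg
    if messages:
        return "Server returned GraphQL errors: " + "; ".join(messages)
    return "HTTP %d: no schema and no error message in the response." % status

# Constructed sample responses (status, body); not captured from a real server.
SAMPLES = [
    (200, '{"data": {"__schema": {"types": []}}}'),
    (400, '{"errors": [{"message": "GraphQL introspection is not allowed, '
          'but the query contained __schema or __type."}]}'),
    (200, '{"errors": [{"message": "Cannot query field \\"__schema\\" on type \\"Query\\"."}]}'),
    (200, '{"errors": [{"message": "Syntax Error: Unexpected Name"}]}'),
    (403, "<html>Forbidden</html>"),
    (200, "<html>It works</html>"),
]

if __name__ == "__main__":
    for status, body in SAMPLES:
        print(status, "->", explain_introspection_failure(status, body) or "schema loaded")
```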

sfdota commented 2 years ago

java.lang.Exception: Failed to load Python interpreter from Jython JAR file
    at burp.cli.(Unknown Source)
    at burp.ti.a(Unknown Source)
    at burp.lbc.run(Unknown Source)
    at java.lang.Thread.run(Thread.java:748)

on my mac m1 book

thypon commented 2 years ago

> java.lang.Exception: Failed to load Python interpreter from Jython JAR file
>     at burp.cli.(Unknown Source)
>     at burp.ti.a(Unknown Source)
>     at burp.lbc.run(Unknown Source)
>     at java.lang.Thread.run(Thread.java:748)
>
> on my mac m1 book

You should set up Jython to use any Jython extension.

execveat commented 1 year ago

Fixed.
