doyensec / inql

InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.
https://doyensec.com/
Apache License 2.0

Requests sent through GraphiQL don't inherit custom headers #69

Closed execveat closed 1 year ago

execveat commented 1 year ago

Describe the bug

When the query is sent from InQL Scanner to Repeater, custom headers are injected within it. But if the query gets sent to GraphiQL, requests sent through that interface lack these custom headers, so auth does not work.

thypon commented 1 year ago

This is due to some race conditions I did not find the source of. Sometimes they work.