doyensec / inql

InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.
https://doyensec.com/
Apache License 2.0

GraphiQL feature is not working #72

Closed realArcherL closed 1 year ago

realArcherL commented 1 year ago

Describe the bug

Hi, I am trying to send the request from the Repeater tab to GraphiQL and for some reason the server just fails to load. Ex: I have a query and send it to GraphiQL -> we are taken to the default browser (in my case the default browser is not the one used by Burp) localhost:64235 -> It doesn't load or keeps loading.

To Reproduce

Steps to reproduce the behavior:

  1. Find a website with GraphQL (ex: infosechub.io)
  2. Open the tool, intercept the request, send it to GraphiQL
  3. The website (localhost server) doesn't work.

Expected behavior

It should be loading and allow users to send GraphQL requests via the GraphQL playground.

Screenshots


Desktop (please complete the following information):

Additional context

Add any other context about the problem here. Might be similar to this https://github.com/doyensec/inql/pull/62

execveat commented 1 year ago

Hi, @realArcherL! You seem to be using the InQL version from BApp Store and this issue has been fixed in the master (but not released to the BApp Store just yet).

Please try building InQL from the GitHub repo (should be as easy as pip install -r requirements.txt && make ext/ext/inql_burp.py). If you don't have a development environment, here's a pre-built inql_burp.py.

inql_burp.py.zip

Just unload the existing version from the BApp Store and import the inql_burp.py instead.

P.S. The API you mentioned requires authorization, so you'd need to add custom headers (right click -> Set Custom Header). I'm not sure that it will work with GraphiQL though. If it doesn't, please create a new issue!