swisskyrepo / GraphQLmap

GraphQLmap is a scripting engine to interact with a GraphQL endpoint for pentesting purposes. Do not use for illegal testing ;)
MIT License

Impossible to Map These Introspection Disabled GQL APIs | [Apollo Servers] #54

Open XMVZ opened 1 year ago

XMVZ commented 1 year ago

If anyone could give me a hand -- running into this issue with pretty much every GraphQL enumeration / mapping tool or library for the following URLs. I'm not sure if there is some additional variable I'm missing that I need to be including or potentially a different URL? No clue.

https://api.hypedrop.com/graphql [Apollo | Introspection Disabled]

https://api.hypeup.com/graphql [Apollo | Introspection Disabled]

http://api.csgoroll.com/graphql [Apollo | Introspection Disabled]

Seriously, any and all help appreciated, as this has been driving me insane!

Thank you so much for an amazing repo & tool. I hope to be able to utilize it!

x

cbrunnkvist commented 8 months ago

If schema introspection is disabled on the server, it is disabled :)

You can try using a brute-forcing tool such as https://github.com/nikitastupin/clairvoyance instead, but that is obviously both much more invasive and unreliable.