Brute Force Verification Form in GraphQL

[dids-reyes]

Is this possible?

hydra -P path/to/my/wordlist.txt https:target.com https-post-form "{"variables":{},"query":"mutation {\n changePassword(password: \"Password\", verificationCode: \"^PASS^\", mobileNo: \"number\")\n}\n"}"

i don't need a login flag since i want to brute force only one field verificationCode. But it doesn't work with https, or in GraphQL mutation, am i doing it wrong?

[vanhauser-thc]

you could set the login to be the mobileno and insert that