$500-$20k worth GraphQL Vulnerabilities | Advanced Tips & Tricks
Advanced Practical Tips & Tricks to Find GraphQL Vulnerabilities in Bug Bounties
Hi geeks, it4chis3c (Twitter) has come up with another bounty-earning write-up in the Bug Bounty Hunting Series:
Setup & Tools
Install Essential Tools
- Burp Suite Community Edition: Intercept and modify requests.
- Altair GraphQL Client: Craft and test queries (Chrome extension or desktop app).
- InQL (Burp Extension): Automatically generate queries from schemas.
- GraphQLmap: Test for injections.
- Clairvoyance: Brute-force schemas.
Install Commands:
# Clairvoyance
pip install clairvoyance
# GraphQLmap
git clone https://github.com/swisskyrepo/GraphQLmap
cd GraphQLmap && pip install -r requirements.txt
# InQL (Burp extension, no shell command)
# Install via Burp Suite → Extender → BApp Store.