Inql
InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.
InQL v6.1.2 - Burp Extension for Advanced GraphQL Testing
<img align="right" width="200" src="docs/inql.png">
:rocket: Introduction
Welcome to InQL, an open-source GraphQL testing tool. This tool provides features designed to enhance your GraphQL testing experience, making it more efficient and effective.
We appreciate your trust in InQL. Happy testing!
:star2: Key Features
The InQL user interface is equipped with three primary components: the Scanner, the Batch Queries, and the Engine Fingerprinting tab.
:mag_right: Scanner

The Scanner is the core of InQL, where you can analyze a GraphQL endpoint or a local introspection schema file. It auto-generates all possible queries, mutations, and subscriptions, organizing them into a structured view for your analysis.
:white_check_mark: Customizable Scans
InQL offers the flexibility to customize your scans. Adjust the depth of generated queries or the number of spaces used for indentation. You can also perform 'Points of Interest' scans to detect potential vulnerabilities in the GraphQL schema.
:white_check_mark: Points of Interest Analysis
After running a Points of Interest scan, you are presented with a rich data set covering a variety of potential vulnerabilities. You can enable or disable these categories according to your needs.
:white_check_mark: Circular References Detection
InQL implements circular reference detection. After analyzing the schema, it displays potentially vulnerable queries in the scanner results view.
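A minimal illustration of the circular-reference check described above, added here as an example and not InQL's own implementation: it builds a type graph from an introspection result and reports each cycle once. The sample schema and all function names are constructed for illustration.

```python
import json

# Constructed introspection fragment (not from a real API): User <-> Post cycle.
SAMPLE = json.loads("""
{"__schema": {"types": [
  {"kind": "OBJECT", "name": "Query", "fields": [
    {"name": "user", "type": {"kind": "OBJECT", "name": "User", "ofType": null}}]},
  {"kind": "OBJECT", "name": "User", "fields": [
    {"name": "name", "type": {"kind": "SCALAR", "name": "String", "ofType": null}},
    {"name": "posts", "type": {"kind": "NON_NULL", "name": null, "ofType":
      {"kind": "LIST", "name": null, "ofType": {"kind": "OBJECT", "name": "Post", "ofType": null}}}}]},
  {"kind": "OBJECT", "name": "Post", "fields": [
    {"name": "author", "type": {"kind": "OBJECT", "name": "User", "ofType": null}}]},
  {"kind": "SCALAR", "name": "String", "fields": null}
]}}
""")

def named_type(t):
    """Unwrap NON_NULL / LIST wrappers down to the named type."""
    while t.get("ofType"):
        t = t["ofType"]
    return t["name"]

def type_graph(schema):
    """Map each object/interface type to its outgoing (field, target type) edges."""
    types = {t["name"]: t for t in schema["__schema"]["types"]
             if t["kind"] in ("OBJECT", "INTERFACE") and not t["name"].startswith("__")}
    return {name: [(f["name"], named_type(f["type"])) for f in t.get("fields") or []
                   if named_type(f["type"]) in types]
            for name, t in types.items()}

def find_cycles(schema):
    """Return each distinct cycle once, e.g. 'Post.author -> User.posts -> Post'."""
    graph, found, seen = type_graph(schema), [], set()
    def walk(node, path, on_path):
        for field, target in graph[node]:
            step = path + [f"{node}.{field}"]
            if target in on_path:                      # back-edge closes a cycle
                cycle = step[on_path.index(target):]   # edges from target onward
                key = frozenset(cycle)                 # same edges = same cycle
                if key not in seen:
                    seen.add(key)
                    found.append(" -> ".join(cycle + [target]))
            else:
                walk(target, step, on_path + [target])

    for start in sorted(graph):
        walk(start, [], [start])
    return found
```

Any reported cycle means a query can be nested along those fields to arbitrary depth, so the server should enforce a query depth or cost limit.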
:white_check_mark: Enhanced Interactions with Burp
InQL seamlessly integrates with Burp, enabling you to generate queries directly from any GraphQL request in Burp. You can also send auto-generated queries to other Burp tools for further analysis.
:white_check_mark: Custom Headers
You have the ability to set custom headers per domain, with the domain list auto-populated from observed traffic.
:crossed_swords: Batch Queries
The Batch Queries tab lets you run batch GraphQL attacks, which can be useful for circumventing poorly implemented rate limits.
:memo: Burp's Native Message Editors
Burp's native message editors now come with an additional 'GraphQL (InQL)' tab, providing an efficient way to view and modify GraphQL requests. It also supports schema highlighting for better readability.
:crossed_swords: GraphiQL and GraphQL Voyager
InQL now implements GraphiQL and GraphQL Voyager servers. You can send the analysed schema to them to enhance the analysis even further!
:point_up: Engine Fingerprinting
This tab allows you to scan a GraphQL URL to retrieve information about the backend server technology.
:construction: Schema Bruteforcer
This scanner is designed to recreate the schema when introspection is disabled. It is based on the Clairvoyance CLI tool, using regex pattern matching to discover schema details.
:arrow_down: Installation
To successfully install InQL, ensure you meet the following requirements:
Burp:
- Support is only provided for the most recent version of Burp.
- Compatible with both "Professional" and "Community" editions.
Java:
- The Montoya API needs Java 17 or later.
:computer: Building the InQL extension from git
- Install Java 17+, for example in Debian-based distros:
$ sudo apt install -y openjdk-17-jdk
$ java --version
openjdk 17.0.6 2023-01-17
- Install our build tool - Taskfile:
$ # Mac OS & Homebrew:
$ brew install go-task
$ # Debian
$ sudo apt install -y task
- Clone the repo and pull submodules:
$ git clone https://github.com/doyensec/inql
$ cd inql
$ # Optionally, checkout dev branch (might be broken / unstable!)
$ git checkout dev
- Build the InQL extension:
$ task all
This should produce a file named InQL.jar or similar in the root of the repo. Load it into Burp as a Java extension.
Development environment
If you want to contribute to the project, no special environment is needed. You can simply re-build the project every time you implement a change.
To speed up work on the code, you might want to auto-rebuild the extension whenever you make a change. Just run the kotlin task with the --watch / -w flag and you're good to go:
$ task kotlin -w
:handshake: Contributing
InQL thrives on community contributions. Whether you're a developer, researcher, designer, or bug hunter, your expertise is invaluable to us. We welcome bug reports, feedback, and pull requests. Your participation helps us continue to improve InQL, making it a stronger tool for the community.
Interactions are best carried out through the Github issue tracker, but you can also reach us on social media (@Doyensec). We look forward to hearing from you!
:busts_in_silhouette: Contributors
A special thanks to our contributors. Your dedication and commitment have been instrumental in making InQL what it is today.
Current:
- Maintainer: Bartłomiej Górkiewicz @bartek-doyensec (Github)
- Contributor: Savio Sisco @lokiuox (Github)
Historical:
- Author: Andrea Brancaleoni @nJoyneer (Twitter) / thypon (Github)
- Maintainer: Andrew Konstantinov @execveat (Twitter) / @execveat (Mastodon)
- Contributor: Matteo Oldani @matteoldani (Github)
- List of other contributors: AUTHORS
This project was made with support of Doyensec.
