

Burp Extension for GraphQL Security Testing.

A security testing tool to facilitate GraphQL technology security auditing efforts.

InQL can be used as a stand-alone script or as a Burp Suite extension.

Since version 1.0.0 of the tool, InQL has been extended to operate within Burp Suite. In this mode, the tool retains all the stand-alone script capabilities and adds a handy user interface for manipulating queries.

- Search for known GraphQL URL paths
- Search for exposed GraphQL development consoles
- Use a custom GraphQL tab displayed on each HTTP request/response containing GraphQL
- Leverage the template generation by sending those requests to Burp's Repeater tool
- Leverage the template generation and editor support by sending those requests to the embedded GraphiQL
- Configure the tool by using a custom settings tab