GraphQL

Mutation = like a POST request

Query = like a GET request

Create column names (to identify the requests more easily).

Use the X query to find all the database elements and load the result into GraphQL Voyager:

  • search for queries
  • potential loops (DoS)
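One way to run the "potential loops" check on your own schema without a visualizer, as an added example that is not part of the original notes: it walks the `__schema.types` list from an introspection result and reports circular references between object types, which are what allow arbitrarily deep nested queries. The sample schema, its type names and the function names are constructed for illustration.

```python
# Constructed sample: trimmed introspection output (__schema.types) for a
# hypothetical blog API. Only the keys this check needs are present.
SAMPLE_TYPES = [
    {"kind": "OBJECT", "name": "Query", "fields": [
        {"name": "post", "type": {"kind": "OBJECT", "name": "Post", "ofType": None}}]},
    {"kind": "OBJECT", "name": "Post", "fields": [
        {"name": "title", "type": {"kind": "SCALAR", "name": "String", "ofType": None}},
        {"name": "author", "type": {"kind": "NON_NULL", "name": None,
            "ofType": {"kind": "OBJECT", "name": "Author", "ofType": None}}}]},
    {"kind": "OBJECT", "name": "Author", "fields": [
        {"name": "posts", "type": {"kind": "LIST", "name": None,
            "ofType": {"kind": "OBJECT", "name": "Post", "ofType": None}}}]},
]

def named_type(type_ref):
    """Unwrap NON_NULL / LIST wrappers down to the named type."""
    while type_ref.get("ofType"):
        type_ref = type_ref["ofType"]
    return type_ref["name"]

def build_graph(types):
    """Map each object type to the object types its fields return."""
    objects = {t["name"] for t in types
               if t["kind"] == "OBJECT" and not t["name"].startswith("__")}
    return {t["name"]: sorted({named_type(f["type"]) for f in t.get("fields") or []} & objects)
            for t in types if t["name"] in objects}

def find_cycles(graph):
    """Depth-first search; report one cycle per distinct set of types."""
    cycles, seen = [], set()
    def walk(node, path):
        for nxt in graph[node]:
            if nxt in path:
                cycle = path[path.index(nxt):]
                if frozenset(cycle) not in seen:
                    seen.add(frozenset(cycle))
                    cycles.append(cycle + [nxt])
            else:
                walk(nxt, path + [nxt])
    for start in graph:
        walk(start, [start])
    return cycles

if __name__ == "__main__":
    for cycle in find_cycles(build_graph(SAMPLE_TYPES)):
        print(" -> ".join(cycle))
```

Each reported cycle is a place where a maximum query depth or query cost limit on the server matters.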

Enumerate the GraphQL schema by trial and error: when you get a request wrong, GraphQL will suggest potential options you can try. This can be exploited with a tool like clairvoyance, which goes through a wordlist and tries to find other sections of the GraphQL schema.