{"id":13636351,"url":"https://github.com/denniskniep/GQLRaider","last_synced_at":"2025-04-19T08:31:51.095Z","repository":{"id":39959204,"uuid":"188487720","full_name":"denniskniep/GQLRaider","owner":"denniskniep","description":"GQL Burp Extension","archived":false,"fork":false,"pushed_at":"2022-09-16T21:06:37.000Z","size":91,"stargazers_count":21,"open_issues_count":9,"forks_count":14,"subscribers_count":4,"default_branch":"develop","last_synced_at":"2025-04-01T13:51:12.416Z","etag":null,"topics":["burp","burp-extensions","burp-plugin","burpsuite-extender","gql","graphql"],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/denniskniep.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-05-24T21:08:57.000Z","updated_at":"2024-08-12T19:49:16.000Z","dependencies_parsed_at":"2022-08-25T09:10:38.955Z","dependency_job_id":null,"html_url":"https://github.com/denniskniep/GQLRaider","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/denniskniep%2FGQLRaider","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/denniskniep%2FGQLRaider/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/denniskniep%2FGQLRaider/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/denniskniep%2FGQLRaider/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/denniskniep","download_url":"https://codeload.github.com/denniskniep/GQLRaider/tar.gz/refs/heads/develop","host":{"name":"Git
Hub","url":"https://github.com","kind":"github","repositories_count":249650156,"owners_count":21305976,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["burp","burp-extensions","burp-plugin","burpsuite-extender","gql","graphql"],"created_at":"2024-08-02T00:01:00.271Z","updated_at":"2025-04-19T08:31:50.819Z","avatar_url":"https://github.com/denniskniep.png","language":"Java","funding_links":[],"categories":["Beautifiers and Decoders"],"sub_categories":[],"readme":"# GraphQL Raider - GQL Burp Extension\n[![Build status](https://dev.azure.com/kniepdennis/GQL%20Raider/_apis/build/status/GQL%20Raider?branchName=master)](https://dev.azure.com/kniepdennis/GQL%20Raider/_build/latest?definitionId=1)\n\n## Description\nGraphQL Raider is a Burp Suite Extension for testing endpoints implementing GraphQL.\n\n## Features \n### Display and Editor\nThe gql query and variables are extracted from the unreadable json body and displayed in separate tabs.\n\nWhile intercepting or resending, you can manipulate the gql query and variables inside the gql tab, and the message will be sent correctly.\n\n![Display and Editor](doc/editor-gql.png)\n\n### Scanner Insertion Points\nNot only the variables are extracted as insertion points for the scanner. 
Furthermore, the values inside the query are also extracted as insertion points for the scanner.\n\nThe detected insertion points are displayed for information and better transparency inside the gql tab of a message.\n![Insertion Points](doc/injectionpoints-gql.png)\n\nInsertion points are used by the active scanner to insert the payloads for detecting vulnerabilities. \nThe custom gql insertion points help the active scanner position the payloads at the correct place inside a gql query.\n\n## GraphQL\n\u003e GraphQL is a query language for APIs and a runtime for fulfilling those queries with your existing data\n\nhttps://graphql.org/\n\n### Serving over HTTP\nhttps://graphql.org/learn/serving-over-http/\n\n#### HTTP GET \nThe GraphQL query should be specified in the \"query\" query string.\n\n`http://myapi/graphql?query={me{name}}`\n\n#### HTTP POST\nJSON-encoded body\n```\n{\n  \"query\": \"...\",\n  \"operationName\": \"...\",\n  \"variables\": { \"myVariable\": \"someValue\", ... }\n}\n```\n\n## Develop\n\n## Release\nA GitHub Release is triggered by AzureDevOps if commits are added to the branch `master`\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdenniskniep%2FGQLRaider","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdenniskniep%2FGQLRaider","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdenniskniep%2FGQLRaider/lists"}