Description
InQL is a Burp Suite extension for advanced GraphQL testing. It can introspect schemas, generate queries, detect security issues, and fuzz GraphQL endpoints. It is essential for testing modern APIs that use GraphQL.
Installation
BASH
# Burp Suite BApp Store
# Burp → Extender → BApp Store → Search "InQL" → Install
# Standalone CLI
pip3 install inql
# From source
git clone https://github.com/doyensec/inql.git
cd inql && pip3 install .
Basic Usage
BASH
# CLI — Introspect a GraphQL endpoint
inql -t https://target.com/graphql
# Generate queries from schema
inql -t https://target.com/graphql -o output/
# Introspect with authentication
inql -t https://target.com/graphql -H "Authorization: Bearer TOKEN"
Advanced Usage
BASH
# Generate all possible queries/mutations
inql -t https://target.com/graphql --generate-all
# Check for introspection enabled
curl -s -X POST https://target.com/graphql \
-H "Content-Type: application/json" \
-d '{"query":"{ __schema { types { name } } }"}'
# Fuzz with custom payloads
inql -t https://target.com/graphql --fuzz
# Export schema
inql -t https://target.com/graphql --schema-output schema.json
Common Workflows
BASH
# Full GraphQL audit
# 1. Check if introspection is enabled
# 2. Use InQL to dump schema
# 3. Look for sensitive queries/mutations (user data, admin functions)
# 4. Test for IDOR in queries
# 5. Test for injection in mutation inputs
# 6. Check for batching attacks (rate limiting bypass)
# Batching attack
curl -X POST https://target.com/graphql -H "Content-Type: application/json" \
-d '[{"query":"mutation { login(user:\"admin\",pass:\"pass1\") { token } }"},
{"query":"mutation { login(user:\"admin\",pass:\"pass2\") { token } }"},
{"query":"mutation { login(user:\"admin\",pass:\"pass3\") { token } }"}]'
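A server-side check for the batching pattern in step 6 and the curl example above, as an added example that is not part of the original page or the InQL project. It is a regex heuristic rather than a GraphQL parser, and it also counts alias-repeated calls inside one query, which goes beyond the array form shown above. Assumptions: the field name login comes from the curl example, and the limit of one sensitive call per request is a hypothetical policy.

```python
import json
import re

# Field name taken from the page's curl example; extend for your own schema.
SENSITIVE_FIELDS = ("login",)
# Assumed policy: at most one sensitive call per HTTP request.
MAX_SENSITIVE_CALLS = 1


def count_sensitive_calls(body, fields=SENSITIVE_FIELDS):
    """Count sensitive field invocations in a single or array-batched body."""
    try:
        payload = json.loads(body)
    except (TypeError, ValueError):
        return 0  # not JSON: leave it to the normal request validation
    operations = payload if isinstance(payload, list) else [payload]
    total = 0
    for op in operations:
        query = op.get("query") if isinstance(op, dict) else None
        if not isinstance(query, str):
            continue
        for field in fields:
            # Heuristic: matches "login(" also when prefixed by an alias ("a: login(").
            total += len(re.findall(r"\b" + re.escape(field) + r"\s*\(", query))
    return total


def should_reject(body, limit=MAX_SENSITIVE_CALLS):
    """True when one HTTP request carries more sensitive calls than allowed."""
    return count_sensitive_calls(body) > limit


# Constructed sample bodies (not captured traffic).
LOGIN = 'mutation { login(user:"admin",pass:"pass%d") { token } }'
SINGLE = json.dumps({"query": LOGIN % 1})
BATCHED = json.dumps([{"query": LOGIN % i} for i in (1, 2, 3)])
ALIASED = json.dumps({"query": 'mutation { a: %s b: %s }' % (
    'login(user:"admin",pass:"x") { token }',
    'login(user:"admin",pass:"y") { token }')})

if __name__ == "__main__":
    for name, body in (("single", SINGLE), ("batched", BATCHED), ("aliased", ALIASED)):
        print(name, count_sensitive_calls(body), should_reject(body))
```

Counting login attempts per credential rather than per HTTP request is what makes a rate limit hold against both forms.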