Add to collection(s) Add to saved
  1. No category
Uploaded by ayoubomex

API Pentesting Mindmap {{GraphQL Attacking}}

advertisement 
If you was able to control mutations
then you might be able to modify /
control data in server-side
Organization's github
API documentation in the application
API's documentation
Open source project with public documentation
Local documentation
etc
/graphql
Extract mutations according to the type in
introspection system
/graphiql
Common endpoints
Schema analysis
/graph
/explorer
Some times it being
left in the wild, so an attacker can get
benefit from them, it makes the query
implementation easier
GraphQL Playground
Common GraphQL IDEs
Application's behavior analysis
GraphiQL
etc
API Pentesting
Mindmap
{{GraphQL Attacking}}
Endpoint discovery
Modifying item's price
etc
Both of them can be found at SecLists
GraphQl wordlist
etc
Enumerating the whole schema then hunting
the mutations
Modifying item
PII data
Adding item
Financial data
Data retrieval
Item deletion
etc
Getting started with queries
Enumeration
Getting started with mutations
Basic enumeration
Enumerate schema fields, types and names
Deep enumeration
Enumerate the whole database schema
Query syntax
Mutations exploit
Queries exploit
etc
Brute force more than single credentials
through one query due to the nested queries
Deleting resource
etc
Query parameters / Arguments
Business logic attacks
Sessions / Cookies Retrievals
If the targets stores sessions / cookies in the
application's database, attacker can retrieve
them and inject through request to gain access
in user's account
etc
nodes
Analyzing schema
Multiple brute forcing
Modifying resource
Profiling systems
Arguments structure
Number of arguments
Possible mutations functions
Restrictions bypasses
Logging systems
Business systems
etc
e.g: Adding items to purchased section, then
confirm the orders and finally exploited without
executing the checkout function
Adding / Removing items from other users
accounts
Authentication attacks
Adding files / attachments
Both of them got payloads in
payloadAllTheThings
Bypassing checkouts
Internal data
Users managements
edges
Mutations
etc
Exploit mutations for:
Data types
Modifying item's currency
e.g: items cart
etc
e.g: Account locking bypassing if the
application for example got a mutation called:
unlock() and it takes argument for the id,
simply the attacker can unlock it's account like
this: unlock(id: 1) after that the attacker will be
able to login again
Related documents
D0725206 M07 CH04 L03 Reinforce
D0725206 M07 CH04 L03 Reinforce
Source of Variation (Skin Shade)
Source of Variation (Skin Shade)
Mutations - The Science of Survival
Mutations - The Science of Survival
Download
advertisement