This content originally appeared on DEV Community and was authored by fx2301
Why?
Capturing live examples of GraphQL queries and responses all in one place vastly simplifies recon.
When?
You most want to do this when introspection is disabled. Otherwise when you need examples to help make sense of the API's semantics, or to develop a better intuition for where the weaknesses may be.
How?
This script works out-of-the-box for the majority scenario: POST requests to /graphql that use the operationName parameter.
mitmdump -s capture.py
capture.py:
import json
import re
from mitmproxy import http
def response(flow: http.HTTPFlow) -> None:
if flow.request.url.endswith('/graphql'):
payload = json.loads(flow.request.content.decode('utf-8'))
filename = re.sub(r'[^a-zA-Z0-9]', '_', payload['operationName']) + '.example.txt'
with open(filename, 'w') as f:
json.dump(payload, fp=f, indent=2)
f.write(f"\n\n// ==== REQUEST ====\n\n")
f.write(f"{payload['query']}\n\n")
f.write("// ==== RESPONSE ====\n\n")
json.dump(json.loads(flow.response.content), fp=f, indent=2)
This content originally appeared on DEV Community and was authored by fx2301
fx2301 | Sciencx (2022-01-15T02:03:08+00:00) GraphQL API recon with mitmproxy. Retrieved from https://www.scien.cx/2022/01/15/graphql-api-recon-with-mitmproxy/
Please log in to upload a file.
There are no updates yet.
Click the Upload button above to add an update.