Hacking GraphQL : Hacker101 CTF BugDB v1

Hacker 101 CTF for Beginner Level GraphQL Hacking

0xsanz
6 min read · May 22, 2022
What is GraphQL?
https://graphql.org/

Introduction

GraphQL is a query language for APIs and a runtime for fulfilling those queries with your existing data. GraphQL provides a complete and understandable description of the data in your API, gives clients the power to ask for exactly what they need and nothing more, makes it easier to evolve APIs over time, and enables powerful developer tools.

GraphQL is now very popular and is used by many companies. From a bug hunter's and web application tester's point of view it is a new skill and an attack vector that should be added to the arsenal.

In this article we will learn GraphQL hacking by working through a CTF. It is assumed that you have only limited knowledge of the weaknesses a default GraphQL implementation contains.

Setup and Tools

There are few resources available on the web for learning to hack GraphQL, and one such…

0xsanz

Software Developer with a keen interest in Security, Privacy and Pen-testing. Certs: Security+, PenTest+, AZ900, AZ204, AZ500