Introduction to GraphQL Attacks

  • Published on 3 Aug 2024
  • 👩‍🎓👨‍🎓 Learn about GraphQL API vulnerabilities! This video provides an introduction to GraphQL: What is it? How does it work? What are schemas, queries, mutations, fields, arguments, variables, aliases, fragments etc.? How do subscriptions and introspection work? How can we work with GraphQL APIs in Burp Suite? How to find endpoints, exploit unsanitised arguments, discover schema info etc. This theory-focused video will provide the fundamental background knowledge required for the practical labs, covered in future videos 🔜
    If you're struggling with the concepts covered in this video, please review portswigger.net/web-security/... + portswigger.net/burp/document... + portswigger.net/web-security/... 🧠
    🔗 PortSwigger challenge: portswigger.net/web-security/...
    🧑‍💻 Sign up and start hacking right now - go.intigriti.com/register
    👾 Join our Discord - go.intigriti.com/discord
    🎙️ This show is hosted by _cryptocat (@_CryptoCat) & intigriti
    👕 Do you want some Intigriti Swag? Check out swag.intigriti.com
    Overview:
    0:00 Intro
    0:30 GraphQL API vulnerabilities
    1:11 What is GraphQL?
    1:48 How GraphQL works
    2:39 What is a GraphQL schema?
    3:25 What are GraphQL queries?
    4:21 What are GraphQL mutations?
    5:17 Components of queries and mutations
    5:23 Components: fields
    5:50 Components: arguments
    6:20 Components: variables
    7:19 Components: aliases
    8:05 Components: fragments
    8:30 Subscriptions
    9:00 Introspection
    9:38 Working with GraphQL in Burp Suite
    11:53 Finding GraphQL endpoints
    13:50 Exploiting unsanitized arguments
    14:43 Discovering schema information
    17:39 Conclusion

Comments • 4

  • @mnageh-bo1mm 4 months ago

    dude we need a video on hunting methodologies, one in your clear format is what the community needs

    • @intigriti 4 months ago +2

      📜✍

  • @M_IZAN 4 months ago

    #Mizan

    • @intigriti 4 months ago +1

      #Intigriti