Thursday, July 7, 2022

GraphQL Password Brute-Force And Fuzzing Utility

CrackQL is a GraphQL password brute-force and fuzzing utility.

CrackQL is a flexible GraphQL penetration testing tool that exploits poor rate-limit and cost analysis controls to brute-force credentials and fuzz operations.

How does it work?

CrackQL works by automatically batching a single GraphQL query or mutation into a number of alias operations. It determines the number of aliases to use based on the CSV input variables. After programmatically generating the batched GraphQL document, CrackQL batches and sends the payload(s) to the target GraphQL API and parses the results and errors.

Attack Use Cases

CrackQL can be used for a variety of GraphQL attacks since it programmatically generates payloads based on a list of dynamic inputs.

Defense Evasion

Unlike Burp Intruder, which sends a request for each unique payload, CrackQL evades traditional API HTTP rate-limit monitoring defenses by using multiple alias queries to stuff large sets of credentials into single HTTP requests. To bypass query cost analysis defenses, CrackQL can be optimized into using a series of smaller batched operations (-b) as well as a time delay (-D).
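As an added defender-side example (not CrackQL's own code), the following Python sketch counts how many times each root field of a GraphQL document is repeated through aliases, so a per-request rate limit can be applied per alias or an oversized batch rejected outright. The function names, the threshold, the list of sensitive fields and the batched sample payload are constructed here; the parser assumes plain query/mutation documents without fragment spreads or directives at the root.

```python
import re
from collections import Counter

# Strip strings and # comments so braces/parens inside them are not counted.
_STRING_RE = re.compile(r'"""(?:\\.|[^\\])*?"""|"(?:\\.|[^"\\])*"')
_COMMENT_RE = re.compile(r'#[^\n]*')
_FIELD_RE = re.compile(r'(?:([_A-Za-z]\w*)\s*:\s*)?([_A-Za-z]\w*)')  # [alias:] field


def top_level_fields(document):
    """Return [(alias, field), ...] for the root selection set of one
    query/mutation; alias is '' when absent. Assumption: no fragment
    spreads or directives at the root (true for CrackQL-style batches)."""
    text = _COMMENT_RE.sub('', _STRING_RE.sub('', document))
    root = []    # characters sitting directly inside the root braces
    depth = 0    # brace depth; 1 == root selection set
    parens = 0   # paren depth at the root, used to skip argument lists
    for ch in text:
        if ch in '{}':
            depth += 1 if ch == '{' else -1
            root.append(' ')  # keep tokens separated in minified input
        elif depth == 1:
            if ch == '(':
                parens += 1
            elif ch == ')':
                parens -= 1
            elif parens == 0:
                root.append(ch)
    return _FIELD_RE.findall(''.join(root))


def audit_batch(document, max_repeats=3,
                sensitive=('login', 'twoFactor', 'signup', 'profile')):
    """Server-side guard: count root fields and reject when a sensitive field
    is repeated via aliases more than max_repeats times in one request.
    Returns (reject, counts); counts can also feed a per-alias rate limiter."""
    counts = Counter(field for _, field in top_level_fields(document))
    reject = any(counts[f] > max_repeats for f in sensitive)
    return reject, dict(counts)


# The page's login.graphql template, and a constructed alias-batched payload
# of the shape CrackQL sends, using passwords from the sample CSV.
LOGIN_TEMPLATE = 'mutation {\n  login(username: {str}, password: {str}) {\n    accessToken\n  }\n}'
BATCHED_LOGIN = 'mutation {\n' + '\n'.join(
    f'  alias{i}: login(username: "admin", password: "{pw}") {{ accessToken }}'
    for i, pw in enumerate(['admin', 'password', 'pass', 'pass123', 'password123'])
) + '\n}'

if __name__ == '__main__':
    print(audit_batch(LOGIN_TEMPLATE))  # (False, {'login': 1})
    print(audit_batch(BATCHED_LOGIN))   # (True, {'login': 5})
```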

Password Spraying / Brute-forcing

CrackQL is ideal against GraphQL deployments that leverage in-band GraphQL authentication operations (such as the GraphQL Authentication Module). The password spraying example below works against DVGA with the sample-inputs/users-and-passwords.csv dictionary.

sample-queries/login.graphql

mutation {
  login(username: {str}, password: {str}) {
    accessToken
  }
}

Two-factor Authentication OTP Bypass

It is possible to use CrackQL to bypass two-factor authentication by sending all OTP (One Time Password) tokens.

sample-queries/otp-bypass.graphql

mutation {
  twoFactor(otp: {int}) {
    accessToken
  }
}

User Account Enumeration

CrackQL can also be used for enumeration attacks to discover valid user ids, usernames and email addresses.

sample-queries/enumeration.graphql

query {
  signup(email: {str}, password: {str}) {
    user {
      email
    }
  }
}

Insecure Direct Object Reference

CrackQL can be used to iterate over a large number of potential unique identifiers in order to leak object information.

sample-queries/idor.graphql

query {
  profile(uuid: {int}) {
    name
    email
    picture
  }
}

General Fuzzing

CrackQL can be used for general input fuzzing operations, such as sending potential SQLi and XSS payloads.

Inputs

CrackQL will generate payloads based on input variables defined by a CSV file. CrackQL requires the CSV header to match the input name.

sample-inputs/usernames_and_passwords.csv

username, password
admin, admin
admin, password
admin, pass
admin, pass123
admin, password123
operator, operator
operator, password
operator, pass
operator, pass123
operator, password123

Valid input types

Installation

Requirements

  • Python3
  • Requests
  • GraphQL
  • Jinja

Clone Repository

git clone git@github.com:nicholasaleks/CrackQL.git

Get Dependencies

pip install -r requirements.txt

Run CrackQL

python3 CrackQL.py -h

Configuration

Use config.py to set HTTP cookies and headers if the endpoint requires authentication.

Maintainers

Mentions
