⛏️Write a test to Brute force GraphQL API
💭 Introduction: GraphQL has gained a lot of popularity and love from the dev world. Its flexibility is one of its most powerful features. At the same time, it makes it very easy for devs to understand the root cause of any API-related problem. Such excessive error descriptions should NOT be available in prod mode.
🎯 Requirements:
- Basic experience with Java
- Basic experience with GraphQL
✅ Task summary:
- [ ] Ask to be assigned to the issue.
- [ ] Wait to be assigned. We will try to assign in less than 2 hours.
- [ ] Read more about batching attacks here.
- [ ] The task is to detect whether multiple OTP-verification queries can be batched successfully in the same API call.
- [ ] Create a file BruteForceOtpGraphQLTest.java. You should write a test based on an already existing GraphQL test (yet to be added here by @ankush-jain-akto).
- [ ] Run for only those APIs which have "otp" as a param in the request and the value as a number (<= 6 digits).
- [ ] The test should take the request and add 199 similar requests in the same query array, each with a different number.
- [ ] Check if all responses contain the same error. If yes, the server actually tried to verify each of the 200 requests, and this is a vuln.
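The check described in the task list above, written as an added Python sketch rather than the Java test the issue asks for (it is not akto's code). It assumes a captured request shaped like a JSON body with `query` and `variables`, detects an OTP-like variable of at most 6 digits, builds the array of 200 operations with distinct values, and applies the issue's criterion to the responses: one response per operation, all carrying the same error, means the server verified every candidate. Two simulated servers stand in for a real endpoint: one that processes any batch, and a hardened one that caps the number of operations per request (`MAX_BATCH` is a hypothetical value); the cap is the mitigation a vulnerable service would add.

```python
"""Detect whether a GraphQL endpoint processes a batched array of OTP
verification operations (hypothetical example, not akto's own test code)."""
import copy
import re
from typing import Any, Callable, Dict, List, Optional

# Constructed sample request: the shape a captured OTP verification call might have.
SAMPLE_REQUEST: Dict[str, Any] = {
    "query": "mutation Verify($phone: String!, $otp: String!) "
             "{ verifyOtp(phone: $phone, otp: $otp) { token } }",
    "variables": {"phone": "+10000000000", "otp": "482913"},
}

OTP_VALUE = re.compile(r"\d{1,6}")  # numeric value, at most 6 digits
BATCH_SIZE = 200                     # the original request plus 199 copies
MAX_BATCH = 5                        # hypothetical cap enforced by the hardened server


def find_otp_param(variables: Dict[str, Any]) -> Optional[str]:
    """Name of a variable called like 'otp' whose value is a number of <= 6 digits."""
    for name, value in variables.items():
        if "otp" in name.lower() and OTP_VALUE.fullmatch(str(value)):
            return name
    return None


def build_batch(request: Dict[str, Any], size: int = BATCH_SIZE) -> Optional[List[Dict[str, Any]]]:
    """Return the original request followed by copies with distinct OTP values,
    or None when the request carries no OTP-like parameter."""
    name = find_otp_param(request.get("variables", {}))
    if name is None:
        return None
    original = str(request["variables"][name])
    width = len(original)
    batch = [copy.deepcopy(request)]
    candidate = 0
    while len(batch) < size:
        value = str(candidate).zfill(width)  # keep the same digit width as the captured value
        candidate += 1
        if value == original:
            continue
        item = copy.deepcopy(request)
        item["variables"][name] = value
        batch.append(item)
    return batch


def error_messages(response: Dict[str, Any]) -> tuple:
    return tuple(sorted(e.get("message", "") for e in response.get("errors", [])))


def batch_was_processed(responses: List[Dict[str, Any]], expected_size: int) -> bool:
    """The issue's criterion: one response per operation, all with the same error,
    means the server verified each candidate instead of rejecting the batch."""
    if len(responses) != expected_size:
        return False
    messages = {error_messages(r) for r in responses}
    return len(messages) == 1 and messages != {()}


def vulnerable_server(body: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Simulated server that accepts any batch size and verifies every operation."""
    return [{"errors": [{"message": "Invalid OTP"}]} for _ in body]


def hardened_server(body: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Simulated server that rejects the whole request when the batch is too large."""
    if len(body) > MAX_BATCH:
        return [{"errors": [{"message": f"Batch size {len(body)} exceeds limit of {MAX_BATCH}"}]}]
    return [{"errors": [{"message": "Invalid OTP"}]} for _ in body]


def run_test(request: Dict[str, Any],
             server: Callable[[List[Dict[str, Any]]], List[Dict[str, Any]]]) -> bool:
    """True when the endpoint behind `server` processed the full batch (the vuln)."""
    batch = build_batch(request)
    if batch is None:
        return False  # not an OTP endpoint; nothing to test
    return batch_was_processed(server(batch), len(batch))


if __name__ == "__main__":
    print("vulnerable server flagged:", run_test(SAMPLE_REQUEST, vulnerable_server))
    print("hardened server flagged:  ", run_test(SAMPLE_REQUEST, hardened_server))
```

In a real test the two simulated servers would be replaced by the HTTP call the existing GraphQL test already makes; the detection logic stays the same, and a cap on operations per request (or per-account attempt limiting) is what turns the first result into the second.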
🙋🏼‍♂️ Questions: If you have questions, need any help, or just want to hang out, make sure to join us on our Discord server.