inql icon indicating copy to clipboard operation
inql copied to clipboard

Published 20 hours ago verified publisher icon doyensec

No visual error output if GraphQL introspection is not allowed on the webserver

Open fuomag9 opened this issue 5 years ago • 5 comments

Describe the bug No visual error output if GraphQL introspection is not allowed on the webserver

To Reproduce Steps to reproduce the behavior:

  1. Go to inQL scanner
  2. Paste the URL
  3. Click on load
  4. No output will be shown

Expected behavior An error message should be shown since the request failed due to GraphQL introspection not being allowed.

Desktop (please complete the following information):

  • OS: Windows 10 2004
  • Java Version: openjdk version "14.0.1" 2020-04-14
  • Python Version: 3.8
  • Burp Version: 2020.5

fuomag9 avatar Jul 05 '20 19:07 fuomag9

Do you mind expanding on how do you think an error should be shown? An error message is already shown in the error logs of the burp plugin, when run standalone in the console.

Moreover the full request is available in burp history in case, to debug error cases more.

I personally would like to avoid cluttering the UI with information already available elsewhere, neither I want to include easy error pop ups that will ruin the flat UI interaction.

thypon avatar Jul 08 '20 16:07 thypon

If you want to avoid a popup I'd either put is as "overwritable text" (aka the suggestion text, which is overwritten when the user starts writing) or in the interface below as something similar to an "error folder". Maybe I'm the only one but to me it wasn't obvious at first that the request failed because of the server not accepting it and I thought something was wrong either with the extension or the connection itself

fuomag9 avatar Jul 08 '20 16:07 fuomag9

I agree with @fuomag9, the error is not clear in the error section of the Extended Tab of InQL ( it is mostly just a python error ). But the fact that the request is sent to burp history is a good solution to check for how the error occured.

MohamedBarrous avatar Jun 30 '21 02:06 MohamedBarrous

java.lang.Exception: Failed to load Python interpreter from Jython JAR file at burp.cli.(Unknown Source) at burp.ti.a(Unknown Source) at burp.lbc.run(Unknown Source) at java.lang.Thread.run(Thread.java:748)

on my mac m1 book

sfdota avatar Dec 30 '21 07:12 sfdota

java.lang.Exception: Failed to load Python interpreter from Jython JAR file

at burp.cli.(Unknown Source)

at burp.ti.a(Unknown Source)

at burp.lbc.run(Unknown Source)

at java.lang.Thread.run(Thread.java:748)

on my mac m1 book

You should setup Jython to use any Jython extension.

thypon avatar Dec 30 '21 10:12 thypon

Fixed.

image

execveat avatar Mar 28 '23 19:03 execveat