GraphQLmap icon indicating copy to clipboard operation
GraphQLmap copied to clipboard
verified publisher icon swisskyrepo

Doesn't Do The Instrospection (Errors Below)

Open Steiner-254 opened this issue 1 year ago • 1 comments

┌──(root💀kali)-[/home/pawner/GraphQLmap] └─# graphqlmap -u "https://graphql-demo.mead.io/" --proxy http://127.0.0.1:8080

/ | | | / __ | |
| | __ _ __ __ _ _ __ | | | | | | | _ __ ___ __ _ _ __
| | | | '/ _| '_ \| '_ \| | | | | | '_ _ \ / ` | ' \ | || | | | (| | |) | | | | |__| | || | | | | | (| | |) | _|| _,| ./|| ||______|| || ||_,_| ./ | | | |
|| ||
Author: @pentest_swissky Version: 1.1 GraphQLmap > help [+] dump_via_introspection : dump GraphQL schema (fragment+FullType) [+] dump_via_fragment : dump GraphQL schema (IntrospectionQuery) [+] nosqli : exploit a nosql injection inside a GraphQL query [+] postgresqli : exploit a sql injection inside a GraphQL query [+] mysqli : exploit a sql injection inside a GraphQL query [+] mssqli : exploit a sql injection inside a GraphQL query [+] exit : gracefully exit the application GraphQLmap > dump_via_introspection Traceback (most recent call last): File "/usr/local/bin/graphqlmap", line 4, in import('pkg_resources').run_script('graphqlmap==0.0.1', 'graphqlmap') File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 720, in run_script self.require(requires)[0].run_script(script_name, ns) File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 1570, in run_script exec(script_code, namespace, namespace) File "/usr/local/lib/python3.11/dist-packages/graphqlmap-0.0.1-py3.11.egg/EGG-INFO/scripts/graphqlmap", line 82, in File "/usr/local/lib/python3.11/dist-packages/graphqlmap-0.0.1-py3.11.egg/EGG-INFO/scripts/graphqlmap", line 56, in init File "/usr/local/lib/python3.11/dist-packages/graphqlmap-0.0.1-py3.11.egg/graphqlmap/attacks.py", line 32, in dump_schema File "/usr/local/lib/python3.11/dist-packages/requests/models.py", line 900, in json return complexjson.loads(self.text, **kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/simplejson/init.py", line 514, in loads return _default_decoder.decode(s) ^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/simplejson/decoder.py", line 386, in decode obj, end = self.raw_decode(s) ^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/simplejson/decoder.py", line 416, in raw_decode return self.scan_once(s, idx=_w(s, idx).end()) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ simplejson.errors.JSONDecodeError: Expecting value: line 2 column 3 (char 3)

Steiner-254 avatar Jan 19 '24 04:01 Steiner-254

The URL you are providing isn't a graphql endpoint, its an HTML/JS entry point page

nrathaus avatar Jun 04 '24 10:06 nrathaus