A security testing tool to facilitate GraphQL technology security auditing efforts.
This extension issues an Introspection query to the target GraphQL endpoint in order to fetch metadata for:
- Queries, mutations and subscriptions
- Their fields and arguments
- Objects and custom object types
- Cycles in the GraphQL schema (object types that reference each other)
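As an added example (not InQL's own code), the script below parses a constructed, abridged introspection response in the `__schema` shape, lists the root query fields with their argument names, and finds cycles in the object-type reference graph; the only assumption is that the named root type exists in the schema. A cycle such as User -> Post -> User lets a client nest selections arbitrarily deep, which is why schema audits flag it and why a query-depth limit is the usual server-side mitigation.

```python
# Constructed, abridged introspection response (real __schema shape, not a live capture).
def _ref(kind, name, of=None):
    return {"kind": kind, "name": name, "ofType": of}

SAMPLE = {"data": {"__schema": {"queryType": {"name": "Query"}, "types": [
    {"kind": "OBJECT", "name": "Query", "fields": [{"name": "user", "args": [
        {"name": "id", "type": _ref("NON_NULL", None, _ref("SCALAR", "ID"))}],
        "type": _ref("OBJECT", "User")}]},
    {"kind": "OBJECT", "name": "User", "fields": [{"name": "posts", "args": [],
        "type": _ref("LIST", None, _ref("OBJECT", "Post"))}]},
    {"kind": "OBJECT", "name": "Post", "fields": [{"name": "author", "args": [],
        "type": _ref("OBJECT", "User")}]},
    {"kind": "SCALAR", "name": "ID", "fields": None}]}}}

def named(t):
    """Strip LIST / NON_NULL wrappers down to the named type."""
    while t.get("ofType"):
        t = t["ofType"]
    return t

def root_fields(resp, key="queryType"):
    """Fields of a root operation type with their argument names: {field: [args]}."""
    schema = resp["data"]["__schema"]  # assumes `key` (e.g. queryType) is defined
    root = next(t for t in schema["types"] if t["name"] == schema[key]["name"])
    return {f["name"]: [a["name"] for a in f["args"]] for f in root["fields"] or []}

def type_graph(resp):
    """Directed graph: object type -> set of object types its fields return."""
    graph = {}
    for t in resp["data"]["__schema"]["types"]:
        if t["kind"] == "OBJECT" and not t["name"].startswith("__"):
            graph[t["name"]] = {named(f["type"])["name"] for f in t["fields"] or []
                                if named(f["type"])["kind"] == "OBJECT"}
    return graph

def find_cycles(graph):
    """DFS over the type graph; each cycle is reported once as a closed path."""
    cycles, stack, done = [], [], set()
    def visit(node):
        if node in stack:  # back edge: the path from node to here is a cycle
            cycles.append(stack[stack.index(node):] + [node])
        elif node not in done:
            stack.append(node)
            for nxt in sorted(graph.get(node, ())):
                visit(nxt)
            stack.pop()
            done.add(node)
    for n in sorted(graph):
        visit(n)
    return cycles
```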
Using the InQL extension for Burp Suite, you can:
- Search for known GraphQL URL paths; the tool greps for and matches known values to detect GraphQL endpoints within the target website
- Search for exposed GraphQL development consoles (GraphiQL, GraphQL Playground, and other common consoles)
- Use a custom GraphQL tab displayed on each HTTP request/response that contains GraphQL
- Leverage template generation by sending the generated requests to Burp's Repeater tool ("Send to Repeater")
- Leverage template generation and editor support by sending the generated requests to the embedded GraphiQL ("Send to GraphiQL")
- Configure the tool by using a custom settings tab