swisskyrepo/GraphQLmap

Doesn't Do The Instrospection (Errors Below)

Steiner-254 opened this issue · 1 comments

Steiner-254 commented

┌──(root💀kali)-[/home/pawner/GraphQLmap]
└─# graphqlmap -u "https://graphql-demo.mead.io/" --proxy http://127.0.0.1:8080

/ | | | / __ | |
| | __ _ __ __ _ _ __ | | | | | | | _ __ ___ __ _ _ __
| | | | '/ _| '_ \| '_ \| | | | | | '_ _ \ / ` | ' \
| || | | | (| | |) | | | | |__| | || | | | | | (| | |) |
_|| _,| ./|| ||______|| || ||_,_| ./
| | | |
|| ||
Author: @pentest_swissky Version: 1.1
GraphQLmap > help
[+] dump_via_introspection : dump GraphQL schema (fragment+FullType)
[+] dump_via_fragment : dump GraphQL schema (IntrospectionQuery)
[+] nosqli : exploit a nosql injection inside a GraphQL query
[+] postgresqli : exploit a sql injection inside a GraphQL query
[+] mysqli : exploit a sql injection inside a GraphQL query
[+] mssqli : exploit a sql injection inside a GraphQL query
[+] exit : gracefully exit the application
GraphQLmap > dump_via_introspection
Traceback (most recent call last):
File "/usr/local/bin/graphqlmap", line 4, in
import('pkg_resources').run_script('graphqlmap==0.0.1', 'graphqlmap')
File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 720, in run_script
self.require(requires)[0].run_script(script_name, ns)
File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 1570, in run_script
exec(script_code, namespace, namespace)
File "/usr/local/lib/python3.11/dist-packages/graphqlmap-0.0.1-py3.11.egg/EGG-INFO/scripts/graphqlmap", line 82, in
File "/usr/local/lib/python3.11/dist-packages/graphqlmap-0.0.1-py3.11.egg/EGG-INFO/scripts/graphqlmap", line 56, in init
File "/usr/local/lib/python3.11/dist-packages/graphqlmap-0.0.1-py3.11.egg/graphqlmap/attacks.py", line 32, in dump_schema
File "/usr/local/lib/python3.11/dist-packages/requests/models.py", line 900, in json
return complexjson.loads(self.text, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/simplejson/init.py", line 514, in loads
return _default_decoder.decode(s)
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/simplejson/decoder.py", line 386, in decode
obj, end = self.raw_decode(s)
^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/simplejson/decoder.py", line 416, in raw_decode
return self.scan_once(s, idx=_w(s, idx).end())
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
simplejson.errors.JSONDecodeError: Expecting value: line 2 column 3 (char 3)

nrathaus commented

The URL you are providing isn't a graphql endpoint, its an HTML/JS entry point page