Fingerprint GraphQL engines with Python and GraphDNA

In our methodology for pentesting GraphQL applications, we published an article on how to discover GraphQL endpoints.

There are many engines in the GraphQL ecosystem; each one is a different implementation, with its own pros and cons and its own attack vectors.

Here at Escape, as a GraphQL security company, we must be one step ahead and know our target perfectly.

Introducing GraphDNA

This article goes one step further in the discovery process by introducing a new tool, GraphDNA.

GraphDNA is primarily inspired by graphw00f, which does a great job of fingerprinting engines using static GraphQL queries.

With the recent release of Escape, we started to run short of heuristics when fingerprinting at scale.

We decided to create a new package that combines multiple heuristics, a confidence score, async support, and authentication.

The confidence score is especially useful because some engines respond almost identically to other engines that share the same GraphQL parser.

We can detect custom GraphQL wrappers like Shopify, or services like Stepzen.
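To illustrate why a confidence score matters when engines share a parser, here is an added, self-contained example (not GraphDNA's own code): a miniature heuristic scorer over constructed static-query responses. The engine signatures are simplified and illustrative, and the response bodies are constructed.

```python
"""Added example, not GraphDNA's implementation: weighted heuristics over
static-query responses, normalised into a confidence score. A signal that
several engines share (the parser's syntax error) is deliberately listed
for each of them, so a bare parser never gets misattributed with confidence."""
import re
from collections import defaultdict

# Constructed heuristics: (probe name, regex on raw response body, engine, weight).
# The first two rows share one signal and therefore cannot separate the engines.
HEURISTICS = [
    ("syntax_error", r"Syntax Error: Unexpected Name", "graphql-js", 1),
    ("syntax_error", r"Syntax Error: Unexpected Name", "apollo", 1),
    ("validation", r'"code":\s*"GRAPHQL_VALIDATION_FAILED"', "apollo", 3),
    ("validation", r'"code":\s*"validation-failed"', "hasura", 3),
    ("validation", r'"path":\s*"\$"', "hasura", 2),
]

def score(responses: dict) -> dict:
    """Map engine -> share of the total matched weight (0..1)."""
    points = defaultdict(int)
    for probe, pattern, engine, weight in HEURISTICS:
        if re.search(pattern, responses.get(probe, "")):
            points[engine] += weight
    total = sum(points.values())
    return {engine: pts / total for engine, pts in points.items()} if total else {}

def fingerprint(responses: dict, threshold: float = 0.6) -> tuple:
    """Return (engine, confidence); below the threshold report 'ambiguous'."""
    scores = score(responses)
    if not scores:
        return ("unknown", 0.0)
    best = max(scores, key=scores.get)
    return (best if scores[best] >= threshold else "ambiguous", scores[best])

# Constructed response bodies, keyed by the probe that produced them.
SYNTAX_ERR = '{"errors":[{"message":"Syntax Error: Unexpected Name \\"x\\"."}]}'
APOLLO_RESPONSES = {
    "syntax_error": SYNTAX_ERR,
    "validation": '{"errors":[{"message":"Cannot query field","extensions":{"code":"GRAPHQL_VALIDATION_FAILED"}}]}',
}
HASURA_RESPONSES = {
    "validation": '{"errors":[{"message":"field not found","extensions":{"path":"$","code":"validation-failed"}}]}',
}
BARE_GRAPHQL_JS_RESPONSES = {"syntax_error": SYNTAX_ERR}  # only the shared signal

if __name__ == "__main__":
    for name, resp in [("apollo", APOLLO_RESPONSES), ("hasura", HASURA_RESPONSES),
                       ("bare graphql-js", BARE_GRAPHQL_JS_RESPONSES)]:
        print(name, "->", fingerprint(resp))
```

The bare graphql-js sample only trips the shared signal, so it scores 0.5 for two engines and is reported as ambiguous rather than guessed.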

Getting Started

It takes only two simple steps to fingerprint an endpoint using GraphDNA.

pip install graphdna
graphdna -u https://example.com/graphql

This is what it looks like in action 😎

[Figure: Hackerone]

Check our repository documentation here if you want to include this package in your own Python project.

Conclusion

Knowing your target is always very valuable.

We want to thank Dolev Farhi for his dedicated work on graphw00f.

We are also maintaining an Awesome GraphQL Security list if you want to discover more resources related to GraphQL Security!
