Burp Suite User Forum

Create new post

Bypassing GraphQL brute force protections

Surprises | Last updated: Mar 29, 2024 02:19AM UTC

Hi, you have Bug in the brute force to GraphQL, I did it right and the payload is correct but still I getting a message of: HTTP/2 200 OK Content-Type: application/json; charset=utf-8 X-Frame-Options: SAMEORIGIN Content-Length: 108 { "errors": [ { "locations": [], "message": "Unknown operation named 'login'." } ] } br, Surprises

Surprises | Last updated: Mar 29, 2024 02:21AM UTC

payload example: mutation { bruteforce0:login(input:{password: "123456", username: "carlos"}) { token success }

Dominyque, PortSwigger Agent | Last updated: Mar 29, 2024 07:48AM UTC

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.