Impossible to Map Introspection Disabled GQL APIs for These Specific URLS (Apollo Servers Detected) #70

Open
XMVZ opened this issue Apr 30, 2023 · 1 comment
Labels
question Further information is requested

XMVZ commented Apr 30, 2023

If anyone could give me a hand -- running into this issue with pretty much every GraphQL enumeration / mapping tool or library for the following URLs. I'm not sure if there is some additional variable I'm missing that I need to be including or potentially a different URL? No clue.

https://api.hypedrop.com/graphql
[Apollo | Introspection Disabled]

https://api.hypeup.com/graphql
[Apollo | Introspection Disabled]

http://api.csgoroll.com/graphql
[Apollo | Introspection Disabled]

Seriously any and all help appreciated as this has been driving me insane!

Thank you so much for an amazing repo & tool. I hope to be able to utilize it!

x

@Privat33r-dev Privat33r-dev added the question Further information is requested label Aug 27, 2024
@Privat33r-dev
Collaborator

I am sorry for the extremely late response. Basically, introspection is a feature of a GraphQL server that is useful for debugging, because it allows a client to request the full API map. But in most correctly configured production servers, introspection is disabled. This is where Clairvoyance shines: it sends requests for objects with a variety of names (e.g. "user", "company"), and that's where another feature, called field suggestion, comes into play. For example, if there is a field called "users", then GraphQL will suggest this field to us, and by trying many similar fields Clairvoyance, in some way, brute-forces the API map.

Hopefully, it answers your question. If so, feel free to close the issue. But in case you have further questions, you can ask them below.
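Added example, not part of the comment above or of the Clairvoyance project: for operators of their own GraphQL server, a check that lists which schema names an error response gives away through field suggestions, plus a function that strips the suggestion before the error leaves the server. The function names and the sample response are constructed for illustration; the messages follow the graphql-js "Did you mean" wording, and errors are assumed to be plain objects with a `message` field, as in a GraphQL JSON response.

```javascript
// Added example: audit and hide GraphQL field suggestions in error responses.
// All names here are hypothetical; the sample messages are constructed.

// graphql-js appends ` Did you mean "a", "b", or "c"?` to validation errors.
const SUGGESTION = /\s*Did you mean [^?]*\?/g;

// True when an error message discloses schema names through a suggestion.
function leaksSuggestion(message) {
  return /Did you mean [^?]*\?/.test(String(message));
}

// Return a copy of a formatted GraphQL error with the suggestion removed.
// Takes and returns a plain error object, so it fits an error-formatting hook.
function maskSuggestions(formattedError) {
  const message = String(formattedError.message).replace(SUGGESTION, "").trim();
  return { ...formattedError, message };
}

// Audit a full response body: list the schema names it gives away.
function leakedNames(responseBody) {
  const names = new Set();
  for (const err of responseBody.errors || []) {
    const hit = /Did you mean ([^?]*)\?/.exec(String(err.message));
    if (!hit) continue; // error without a suggestion discloses nothing here
    for (const m of hit[1].matchAll(/"([^"]+)"/g)) names.add(m[1]);
  }
  return [...names].sort();
}

// Constructed response from a server with introspection off but suggestions on.
const sampleResponse = {
  errors: [
    { message: 'Cannot query field "user" on type "Query". Did you mean "users" or "userById"?' },
    { message: 'Unknown argument "nam" on field "Query.users". Did you mean "name"?' },
    { message: 'Cannot query field "zzz" on type "Query".' },
  ],
};

console.log("leaked names:", leakedNames(sampleResponse));
console.log("masked:", sampleResponse.errors.map(maskSuggestions).map((e) => e.message));
```

Running `leakedNames` against responses captured from a staging server shows whether disabling introspection alone is enough, or whether suggestions also need to be masked.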
