.

Author: man3kin3ko

Portswigger & other web theory/Server side/API/GraphQL.md

@@ -1,4 +1,6 @@
 
+Burp Extensions: GraphQL Raider
+
 GraphQL query should optionally includes the `query` operation type for reading operations or `mutation` for modifying operations and arbitrary query name. Mutations are always require input as an argument, meanwhile in queries it can be used to catch up a specific object instead of a group. 
 
 Fingerprint:
@@ -48,6 +50,19 @@ mutation BatchChangeObj($input1: InputObj!, $input2: InputObj!) {
     }
 ```
 Pay attention to how input is provided. Such notation allows you to bruteforce object variables.
+
+#### Language specials
+
+`human(id: "1000")` <- this is called inline object literal. Passing object literals inline is not directly allowed for custom input types (i.e. InputObj above).
+
+Passing variables to fragments:
+
+```
+query HeroComparison($first: Int = 3) { <— notice "="
+  leftComparison: hero(episode: EMPIRE) {
+    ...comparisonFields
+  }
+```
 #### Other ways to obtain valid queries
 
 Inspect JavaScript files (even the minified ones!) to find any valid GraphQL queries

Portswigger & other web theory/Server side/API/WSDL.md

@@ -0,0 +1,10 @@
+Burp Extension: WSDLer
+#### A simple SOAP message contains:
+
+- **Envelope:** Identifies the XML documents, has a name space and encoding details.
+- **Header:** Has header information like content type and character set etc.
+- **Body:** Contains the request and response information.
+- **Fault:** Errors and status information.
+
+Each HTTP request can contain a header called `SOAP-Action`, which is used to perform an operation defined in its content. It is another entry point for an attacker.
+![](https://blog.securelayer7.net/wp-content/uploads/2020/06/soapaction1.jpg)