0. GraphQL Attack Flow

xml1. Identify graphQL endpoint 2. GraphQL Endpoints?
2. Identify GraphQL Engine.
1. Use Graphw00f.
3. Use Introspection to pull objects ( Query or Mutations) 3. Introspection - Getting information
4. Use ofType to search for Object that is being used by another Object.