# Pentesting GraphQL

## Introspection Query

We can test whether introspection is enabled by using the Burp Suite extension called **GRAPHQL**. A normal GraphQL request and response look like this:

<figure><img src="https://3420091786-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fy1ZUO45eHY8aMCLJ7OiN%2Fuploads%2FP8R1nAURbatD1PEQOkU9%2Fimage.png?alt=media&#x26;token=fa2a0e8d-3052-4438-8a52-90bed62d1edb" alt=""><figcaption></figcaption></figure>

Now go to GRAPHQL at the top, then **Right Click > GRAPHQL > SET INTROSPECTION QUERY**. The query is generated automatically, and the response shows that introspection is enabled.

<figure><img src="https://3420091786-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fy1ZUO45eHY8aMCLJ7OiN%2Fuploads%2FoXPdvFzQgR5VlY7EuQx3%2Fimage.png?alt=media&#x26;token=69f1f1c9-51ac-4b27-a6b8-7763d00d0708" alt=""><figcaption></figcaption></figure>
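The same check can be scripted over a saved response, for example to confirm in CI that introspection stays off in production. This is an added example, not part of the original page; the function names are hypothetical and the sample responses are constructed.

```python
import json

# Minimal introspection query built from the standard GraphQL meta-fields.
INTROSPECTION_QUERY = "{ __schema { queryType { name } types { name kind } } }"
BUILTIN_SCALARS = {"String", "Int", "Float", "Boolean", "ID"}

def build_request_body(query=INTROSPECTION_QUERY):
    """JSON body for a POST to a GraphQL endpoint you are authorised to test."""
    return json.dumps({"query": query})

def introspection_status(response_body):
    """Classify a GraphQL response body: 'enabled', 'rejected' or 'inconclusive'."""
    try:
        doc = json.loads(response_body)
    except (TypeError, ValueError):
        return "inconclusive"      # not JSON: WAF page, HTML error, empty body
    if not isinstance(doc, dict):
        return "inconclusive"
    data = doc.get("data")
    schema = data.get("__schema") if isinstance(data, dict) else None
    if isinstance(schema, dict) and schema.get("types"):
        return "enabled"           # the schema came back: introspection is on
    if doc.get("errors"):
        return "rejected"          # refused: introspection off, or e.g. auth failure
    return "inconclusive"

def exposed_types(response_body):
    """Application type names the schema reveals (meta-types and built-in scalars skipped)."""
    if introspection_status(response_body) != "enabled":
        return []
    types = json.loads(response_body)["data"]["__schema"]["types"]
    names = {str(t.get("name", "")) for t in types if isinstance(t, dict)}
    return sorted(n for n in names
                  if n and not n.startswith("__") and n not in BUILTIN_SCALARS)

# Constructed sample responses (not captured from any real server).
SAMPLE_ENABLED = json.dumps({"data": {"__schema": {"queryType": {"name": "Query"}, "types": [
    {"name": "Query", "kind": "OBJECT"}, {"name": "User", "kind": "OBJECT"},
    {"name": "String", "kind": "SCALAR"}, {"name": "__Type", "kind": "OBJECT"}]}}})
SAMPLE_REJECTED = json.dumps({"errors": [{"message": "introspection disabled (constructed)"}]})

if __name__ == "__main__":
    print(build_request_body())
    for label, body in (("enabled", SAMPLE_ENABLED), ("rejected", SAMPLE_REJECTED)):
        print(label, "->", introspection_status(body), exposed_types(body))
```

A `rejected` result is what a production endpoint with introspection turned off should return.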
