From 4fd21af773ffbb16032d9c4c41de377ba7774e2c Mon Sep 17 00:00:00 2001
From: halfluke
Date: Wed, 31 Aug 2022 17:46:22 +0100
Subject: [PATCH 1/3] Always using Accept html/text for info_graphiql.py
---
 lib/tests/info_graphiql.py | 7 +++++++
 version.py | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/lib/tests/info_graphiql.py b/lib/tests/info_graphiql.py
index d865950..58687f4 100644
--- a/lib/tests/info_graphiql.py
+++ b/lib/tests/info_graphiql.py
@@ -18,6 +18,9 @@ def detect_graphiql(url, proxy, headers):
 endpoints = ['graphiql', 'playground', 'console', 'graphql']
 parsed = urlparse(url)
+ if "Accept" in headers.keys():
+ backup_accept_header=headers["Accept"]
+ headers["Accept"]= "text/html"
 truepath = ""
 pathlist = parsed.path.split('/')
@@ -34,4 +37,8 @@ def detect_graphiql(url, proxy, headers):
 except: pass
+ del headers["Accept"]
+ if 'backup_accept_header' in locals():
+ headers["Accept"]=backup_accept_header
+ return res
diff --git a/version.py b/version.py
index 3057730..7ea896b 100644
--- a/version.py
+++ b/version.py
@@ -1,2 +1,2 @@
 """Version details of graphql-cop."""
-VERSION = '1.8'
+VERSION = '1.8b'
From 25199e9d6cad44d754048761be6f8f841d5432c3 Mon Sep 17 00:00:00 2001
From: halfluke
Date: Thu, 1 Sep 2022 00:34:46 +0100
Subject: [PATCH 2/3] Modified POST based url-encoded query to actually send a url-encoded body with content-type application/x-www-form-urlencoded
---
 lib/tests/info_post_based_csrf.py | 2 +-
 lib/utils.py | 6 +++++-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/lib/tests/info_post_based_csrf.py b/lib/tests/info_post_based_csrf.py
index d8ac981..d36dc58 100644
--- a/lib/tests/info_post_based_csrf.py
+++ b/lib/tests/info_post_based_csrf.py
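Review bot: In lib/tests/info_graphiql.py, the two hunks of detect_graphiql overwrite `headers["Accept"]` on the caller's dict and restore it only on the normal path just before `return res`, so an exception raised outside the inner try would leave `text/html` in place for any later check that reuses that dict (whether the caller shares one dict across tests is not visible here and should be confirmed). For an audit tool, later probes silently carrying the wrong Accept header can skew their findings. A per-call copy removes the backup, the `del`, and the `'backup_accept_header' in locals()` lookup: `req_headers = {**headers, "Accept": "text/html"}`, passed to the request call that sits between these hunks. The `"Accept"` key test is also case-sensitive, so a caller-supplied lowercase `accept` key stays in the dict next to the new one.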
@@ -14,7 +14,7 @@ def post_based_csrf(url, proxies, headers):
 q = 'query cop {__typename}'
- response = request(url, proxies=proxies, headers=headers, params={'query':q}, verb='POST')
+ response = request(url, proxies=proxies, headers=headers, data={'query': q}, verb='POST')
 res['curl_verify'] = curlify(response)
 try:
diff --git a/lib/utils.py b/lib/utils.py
index 42807af..2adca24 100644
--- a/lib/utils.py
+++ b/lib/utils.py
@@ -11,7 +11,11 @@ def curlify(obj):
 method = req.method
 uri = req.url
 if req.body:
- data = req.body.decode('UTF-8')
+ try:
+ data = req.body.decode('UTF-8')
+ except:
+ reqb = bytes(req.body, 'UTF-8')
+ data = reqb.decode('UTF-8')
 else: data = ''
 headers = ['"{0}: {1}"'.format(k, v) for k, v in req.headers.items()]
From 9ef4505915792e30eb9d8ffcd67383e507f780f3 Mon Sep 17 00:00:00 2001
From: halfluke
Date: Thu, 1 Sep 2022 00:38:58 +0100
Subject: [PATCH 3/3] bumped version
---
 version.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/version.py b/version.py
index 7ea896b..bdcb65a 100644
--- a/version.py
+++ b/version.py
@@ -1,2 +1,2 @@
 """Version details of graphql-cop."""
-VERSION = '1.8b'
+VERSION = '1.9'
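Review bot: In lib/tests/info_post_based_csrf.py, `data={'query': q}` only produces an `application/x-www-form-urlencoded` request when the caller's `headers` do not already carry a `Content-Type`; the requests library adds the form content type only if that header is absent, assuming the project's `request` helper wraps it (the helper is not visible in this hunk). With a user-supplied `Content-Type: application/json` the probe would send a form body labelled as JSON, so the result would no longer describe how the endpoint treats a form post. Pinning the type on a per-call copy keeps the check meaningful: `headers={**headers, 'Content-Type': 'application/x-www-form-urlencoded'}`. post_based_csrf continues outside the hunk.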
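Review bot: In lib/utils.py, the bare `except:` added to curlify hides which case it is handling: when `req.body` is already a `str` the fallback is an encode/decode round trip, and when it is `bytes` that are not valid UTF-8 the fallback `bytes(req.body, 'UTF-8')` raises `TypeError` and replaces the original decode error. An explicit type test states the intent and stops swallowing unrelated exceptions: `data = req.body if isinstance(req.body, str) else req.body.decode('UTF-8', errors='replace')`. curlify starts and ends outside this hunk.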