GraphQuail
GraphQuail
GraphQuail is an open source Burp Suite extension that offers a toolkit for testing GraphQL API endpoints, with or without a schema.
GraphQuail supports dynamic schema construction, enabling schema-less pentesting of GraphQL APIs. It also provides GraphiQL and Voyager for your endpoint in your browser. It supports custom header injection, context menus to extract GraphQL queries from requests, and introspection emulation with support for JSON and SDL schemas.
For an example of how it works, check out the demo video below: