('NoneType' object is not iterable) Error Message in Batch Attack #136

Open
xerox0x1 opened this issue Feb 3, 2024 · 2 comments

xerox0x1 commented Feb 3, 2024

('NoneType' object is not iterable) Error Message in Batch Attack

The issue surfaced when performing a Batch Attack in a PortSwigger lab. Until then, I was not quite sure whether the problem was in InQL itself or in the lab. However, by taking a look at the InQL error, I found that the error comes from this Python request implemented in the tool: https://github.com/doyensec/inql/blob/master/python/inql/attacker/request.py

  • I double-checked the tool's "README" but found nothing interesting; I double-checked the issues too, but it's not there.
  • However, I may be mistaken or have done something wrong, so read carefully && pardon me if anything slipped.

To Reproduce

  1. Try any Batch Attack on a request you choose, to bypass a rate limit with InQL. I suggest you try this PortSwigger lab to test its "login" function: https://portswigger.net/web-security/graphql/lab-graphql-brute-force-protection-bypass
  2. Modify the intended value with the tool's documented regex.

Screenshot_3

  3. Try to send the request. In my scenario it threw an error.

Screenshot_4

Expected behavior
I expected the tool would try to bypass the rate limit by providing a list with the second regex. I tried the simplest one first, but unfortunately it did not work.

Screenshot_232

  • OS: Windows 11
  • Java Version:
java 18.0.2.1 2022-08-18
Java(TM) SE Runtime Environment (build 18.0.2.1+1-1)
Java HotSpot(TM) 64-Bit Server VM (build 18.0.2.1+1-1, mixed mode, sharing)
  • Python Version:
Python 3.12.1 (tags/v3.12.1:2305ca5, Dec  7 2023, 22:03:25) [MSC v.1937 64 bit (AMD64)] on win32
Type "help", "copyright", "credits" or "license" for more information
  • Burp Version: [2024.1.1]
@execveat execveat self-assigned this Feb 4, 2024
@execveat execveat added the Bug Something isn't working label Feb 4, 2024
@execveat execveat added this to the v5.1 milestone Feb 4, 2024

execveat commented Feb 4, 2024

Thanks, it's clearly a bug in InQL and I'll look into it. Btw, if you notice any other issues when going through Portswigger labs (or get ideas for feature requests), please do share with us.


xerox0x1 commented Feb 4, 2024

Thanks for showing interest; I'll inform you about any other errors. Btw, thanks for the great effort you && your team put into this tool. It's really awesome. Looking forward to the next release <3
