GraphQL is definitely the new hotness compared to good ol' Restful APIs, so more content related to pwning GraphQL endpoints would be pretty interesting.
You're not wasting my time mate, I came here for that. But what surprised me is how you're actually thinking out loud which is fascinating for me and I really appreciate it, being able to peek into a fellow researcher's mind. Great video, keep going!
John you are the MAN!! I get so excited for your videos, they're what I look forward to each week! Great personality, great sense of humor and great way of explaining what you're doing! Keep up the excellent work mate!! Your channel is better than TV!! 👍🏽😆
Loving these videos! Super cool how you explain each and every thing you do, even as a seasoned programmer it’s always cool to see how another programmer thinks! Thank you!
This technology is getting more and more used, therefore YES, I think it is a good thing to have a few videos on the GraphQL topic ;) Super nice videos, John. Cheers!
To avoid getting the unwanted traffic from the browser, just patiently compile a list of offending domains and exclude it within the browser's proxy settings.
GraphQL is pretty great. It can really empower your APIs if used correctly. It's worth being wary of the performance but depending on scenario it can be very good.

For example, imagine an Author object can have a books array. When calling the query, you can specify the fields you want, and it will only query for those fields. So imagine the books array could be more complex than just getting the Author's first and last name. It allows for people to query the Author and get the name information without the books, or query the Author and also get their books. The way GraphQL can handle this means you don't unnecessarily query your database for fields that are not required.

If you wanted to take that one step further, you can choose what fields you want back from the book, and let's pretend the genre field was complex. You could separate this out too so that again you don't create complex queries on your database when you don't need to.

Each time you do this, you're essentially layering your queries on top of each other. So first the Author returns with an AuthorID, then the Books are queried using that AuthorId, then the Genre is queried using each BookId.

Again, taking it further, maybe you return a list of "TopAuthors", well that's just an array of Authors, for which you could query the Books, and as such the Genres... or maybe that's going to be too badly performing, so you just return the Author first and last names instead.

Simplified answer, and you have to be careful when using GraphQL. However, it is very powerful.
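The Author → Books → Genre layering described in the comment above is exactly what a server-side depth limit guards against; this added example (not code from the video or the commenter) hand-rolls a tiny selection-set parser for the `{ field { subfield } }` subset of GraphQL syntax and computes nesting depth before any resolver would run. The function names and the sample queries are constructed for this illustration; a real server would walk the graphql-js AST instead.

```javascript
// Tokenise braces and field names (constructed subset of GraphQL syntax:
// no arguments, aliases, fragments or variables).
function tokenize(src) {
  return src.match(/[{}]|[A-Za-z_][A-Za-z0-9_]*/g) || [];
}

// Parse a selection set into a { fieldName: children-or-null } map.
// Returns the parsed fields and the token position after the closing brace.
function parseSelectionSet(tokens, pos = 0) {
  if (tokens[pos] !== "{") throw new Error("expected '{' at token " + pos);
  pos += 1;
  const fields = {};
  while (tokens[pos] !== "}") {
    if (pos >= tokens.length) throw new Error("unterminated selection set");
    const name = tokens[pos++];
    if (tokens[pos] === "{") {
      const sub = parseSelectionSet(tokens, pos); // nested object field
      fields[name] = sub.fields;
      pos = sub.pos;
    } else {
      fields[name] = null; // scalar leaf such as firstName
    }
  }
  return { fields, pos: pos + 1 };
}

// Depth = number of nested selection sets. Each level is another round of
// resolver calls: Authors, then Books per author, then Genre per book.
function selectionDepth(fields) {
  let max = 0;
  for (const child of Object.values(fields)) {
    if (child !== null) max = Math.max(max, selectionDepth(child));
  }
  return max + 1;
}

// Defender-side check: reject a query whose nesting exceeds maxDepth before
// it reaches the database, so a client cannot push the fan-out arbitrarily deep.
function checkQueryDepth(query, maxDepth) {
  const { fields } = parseSelectionSet(tokenize(query));
  const depth = selectionDepth(fields);
  return { depth, allowed: depth <= maxDepth };
}

// Constructed sample queries matching the comment's Author/Books/Genre shape.
const NAME_ONLY = "{ author { firstName lastName } }";                     // depth 2
const WITH_GENRES = "{ topAuthors { firstName books { title genre { name } } } }"; // depth 4
```

With a limit of 3, `NAME_ONLY` passes and `WITH_GENRES` is rejected; a malformed query (missing closing brace) throws rather than being silently accepted.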
Hi @john! Thanks for all this video and explanation! I was stuck on the "Syncopation" challenge in the reversing section. Are you going to make a video on it? Thanks!
these 2 hours of waiting will feel like an eternity!
6 mins.
Someone on Loi Liang's video commented about this channel, and here I am subscribing.
Others: I watch John Hammond for learning new cybersec skills.
Me: I watch him for his outro music 😂
About that, do you actually know the name of the music or the artist?
@johnnywalker3862 I think that's Fearless by NCS
@argsahoo Thanks a lot man! Have a nice day/night!
I'm watching it despite the outro music for sure.
I love your channel, it's eye candy for pentesters.
You make soo much fun,
Also, an amazing teacher. I learnt lots of things from your videos, and I'm really thankful for making such videos for us🙏
I have now registered on HTB because of your videos :)
Whoop another video can’t wait ! 🤘🏻 love this guy!
I had fun learning graphql with you, thanks john.
You could write /graphql at the end of the URL, which would open the query editor. This would make it easier to intercept the data.
It may be disabled.
John: maybe I do this some that and the CTF is solved
Me: maybe I do this some that and did I just break my VM again?
Nice little run down!
When you zoom that much it's also unreadable, just keep something in the middle :) Thanks for the video!
Thanks again John, always look forward to your next video =)
Learned a lot from this video
I love how you find the flag
Could you do some more beginner CTF walkthroughs? They’re sooo handy
What key did he use in Sublime Text to make the payload simpler to use in Burp Suite?
John, lately I have been committing to my studies 3 hours a day 6 days a week. How much study time would you recommend?
What keyboard do you use? May I know?
The Ed Sheeran of Blue Team.
Replace all new lines by "\n" is not working on Sublime Text and VS Code, how is he doing it in this video?
Wanna know more about Pegasus? Is this software available to use?
I found a bug bounty related with this before :D
Man!!!! You're really really good!
John using Burp Suite..!! First time I'm seeing it 🧐
Great video! Thanks
Would love to see john struggling and exploring in bug bounty
Patiently compile a list of offending domains and add it to the browser extension's exclusion list. These will not go through Burp.
Good one! Thanks for sharing :)
Are we gonna get a graphql course? :c
Awesome video!~
A video with gRPC would be nice.
You could pass your api URL to Graphiql/Graphql playground for pretty easy exploration.
This endpoint is usually disabled on production builds
The taskbar belongs at the bottom for both Win and Lin.
I am always down to learn everything, let's throw up that GraphQL tutty!
Hiii, can you make a video on Syncopation from this CTF? I've been stuck on it for 2 days now...
Yup! Already recorded, should be released soon :)
@_JohnHammond Thanks a lot, super excited to see it :)
You're fantastic
Makes sense
Font too smol, make it biggggg, doesn't work, then makes it smaller than when he started
👤👤🖤🖤🖤
So what did you learn from this? Googling????
You should have explained the graphql query. Otherwise, there was no point in making this video of 15 mins.
Me third comment!:;
Congs.