The Breach challenge on WebVerse Labs exposes a GraphQL API backing a notes application. The notes are visible in the UI, but a GraphQL schema often has surfaces the front-end never touches. Map what's really there, and find a way to reach the flag.
Objective: Send a GraphQL introspection query to enumerate all available types, fields, and their arguments — especially looking for any hidden or undocumented fields.
Context: You have confirmed the GraphQL endpoint at `/graphql`. GraphQL APIs often expose their full schema through introspection. This is a key recon step to discover all available types, queries, fields, and their arguments.
Only reveal the ones you need. Claude tracks how many you used to calibrate the feedback.
GraphQL has a built-in mechanism to query its own schema. Try sending a special meta-query to the endpoint to discover all available types and fields.
Use a GraphQL introspection query targeting `__schema`. Focus on discovering type names, their fields, and the arguments those fields accept.
Send this introspection query via POST to `/graphql`:
```json
{"query": "{ __schema { types { name fields { name args { name } } } } }"}
```
Look through the response for any type or field you haven't seen in the UI yet.