HTTP parameters most of time also called query strings, and it is also part of URL may takes input and enable it to web application here are the example that looks like.
When your server receives your request, then it will procedure the query then return to a valid name with ID. Most of the time, in the web form; several fields have been submitted to start the query. Here are the examples that look like.
In some cases, a few of the parameters may be hidden in the list. For example, when anunseen parameter admin was setting as True, then there may be another function of that regular user.
Arjun tools are a command-line device that discovers unseen HTTP parameters through a wordlist on Parameter names. Its feature has several-threading, limit handling rate, and allows customer header to added requests. It support POST, JSON, and GET methods, it also making precious resource for issuing web app.
Download and Setup
Here you can use Metaspoitable 2 is a huge Kali Linux into local machine, and you can also use what you want to comfortable with the following along.
The first obsession you need to do is downloading Arjun from GitHub. You can simply clone a copy of the depository through git clone command.
Here are the steps on how to download setup:
Here you only need to change the new directory through cd.
And you can also list content with IS command.
Here Arjun wants Python version 3.4 or highest version to work completely, and you can also see installed into your system through which command:
Here you need to check the version digit along with the “V” switch.
When python version 3.4 or latest is not into your system, then you need to install it from the manager package.
It will be allowed and also need to obtain launched.
Please read the originial post here: https://medium.com/@mcafeecloudsecurity/how-to-find-hidden-http-parameters-to-discover-weaknesses-in-web-application-10cd424e1a39