Search

Different Way To Find Website’s Hidden Parameter.

Greeting Everyone! Hope everything is well and going good, today we are going to look on How to enumerate a web application to find out hidden parameters of any website, Here we are going to see How we can find out all possible parameters using some Tools

Paramspider:

Paramspider mines parameters from web archives without interacting with the target host. This will help a tester to find out all possible parameter from out targeted Website .

Usage: Download And Setup from Github

→ git clone https://github.com/devanshbatham/ParamSpider

→ python paramspider.py –domain www.target.com

As above picture We see it find out all possible Parameter From Our target , Now

Arjuntool:

Web applications use parameters (or queries) to accept user input, take the following example into consideration EG: https://domain.com?id=12122 As we see Id Which consider as Parameter but what if there exists a parameter name admin in his case we used Arjun to lookup al; hidden parameter value EG: id=FUZZ

Usage Of Arjun tool git clone https://github.com/s0md3v/Arjun

git clone https://github.com/s0md3v/Arjun

→ python arjun.py -u www.domain.com?id=FUZZ

This will Find out all hidden parameter value compare with id= parameter,

waybackurl:

It extract all possible url from Waybackurl archive data which contains parameter urls. Is a good tool to find out archive urls parameter from our targeted Website.

Usage:

→ go get github.com/tomnomnom/waybackurls

→ waybackurls tesla.com

As above picture We see it extract all the possible url parameter from archive data . As we see how we find out all possible parameters from our targeted website this will help in your testing phase we used different tools which make our testing phase more easy for hidden parameter of website.

Tools We used : Paramspider , Arjun tool, Waybackurls

Thank You! See You In Another Bloghidden parameter of website

Table of Contents

Social Media
Facebook
Twitter
WhatsApp
LinkedIn