PHASE: The Hidden Input33% COMPLETION
MODULE 07
Parameter Discovery & Fuzzing
Finding hidden GET/POST parameters that might be vulnerable.
The Hidden Input
Sometimes the vulnerability isn't in the URL path, but in a hidden parameter.
`example.com/admin?debug=true`
Arjun
A specialized tool for finding query parameters.
`arjun -u https://target.com/endpoint`