How to find hidden parameters in your bug bounty target

Learn how to find hidden parameters in bug bounty target

FREE LINK ACCESS

Screenshot by author

Finding hidden parameters will increase your chance of finding bugs. that are helps to bypass waf’s and many more.

So, let’s start with how to find hidden parameters in different ways.

Click on the link below ⬇️. TOOL CREDITS: somd3v

GitHub - s0md3v/Arjun: HTTP parameter discovery suite.

Screenshot taken by author from https://github.com/s0md3v/Arjun

Use the below command to install this tool.

pipx install arjun

Paste this above command and click on enter.

Arjun help command⬇️

arjun -h

Screenshot by author

Simple usage⬇️

arjun -u https://yourtarget.com

Now, let’s look at our second tool.

Click on the link below ⬇️. TOOL CREDITS: devanshbatham

GitHub - devanshbatham/ParamSpider: Mining URLs from dark corners of Web Archives for bug…

Screenshot taken by author from https://github.com/devanshbatham/ParamSpider

Installation commands⬇️

git clone https://github.com/devanshbatham/paramspider
cd paramspider
pip3 install .

After successful installation