How to Find Hidden Parameters?

In this article we explain how to find hidden parameters. We have previously covered how to find hidden directories; hidden parameters exist in much the same way.

This is a practical walkthrough. To find hidden parameters you should also know what parameters are, so that is covered in this article too.

There is more than one way to find hidden parameters. You can also find them with the help of tools, but here we use Burp Suite.

Note: This article is for educational purposes only. Don't misuse your knowledge and skills.

Find Hidden Parameters?

Let us now look at how to find the hidden parameters of a website. First, we explain what parameters are, as you can see in the image.

You have probably seen form pages on many kinds of websites. On Facebook's create-account page, for example, you are asked for information such as first name, last name, and phone number.

If there is a vulnerability in one of the hidden parameters, we first have to find those hidden parameters; after that we can look for vulnerabilities in them.

To find hidden parameters here, you use an extension in Burp Suite. As you can see in the image, you have to install the Param Miner extension from here:

https://github.com/PortSwigger/param-miner

We also install another extension, which we use to show how hidden parameters are found:

https://github.com/PortSwigger/logger-plus-plus

The website we are using is a demo website, as you can see in the image, and you can use it too. You can also see the same kind of thing on a website like Facebook.

First, turn on intercept and capture the request live. As you can see in the image, all of the request's parameters are shown here.

Among these there can also be hidden parameters, hidden headers, and hidden cookie parameters, all of which can be tested for vulnerabilities. Here we show everything practically.

You can delete any one parameter here and treat it as if it were not a parameter; if you do not want to delete one, you can still continue. After that, send the request to Repeater.

As you can see in the image, after sending the request to Repeater, right-clicking gives you the Guess GET parameters option. You also get options to guess cookie parameters and headers.

Click on Guess GET parameters. A dialog opens where you can set the number of threads as you like and, if you want, use your own word list. Then click OK.

As soon as you click OK, the attack to find hidden parameters starts. You see its output only in the Extender, as you can see in the image.

The logger you installed also shows all the hidden parameters that are being tried, as you can see in the image. You can open any request here.

As you can see, hidden parameters appear in all types of requests. You can find hidden cookie parameters and headers the same way, and there is also a Guess everything option.

After some time you will see the hidden parameters found by this search, and you can then test them for vulnerabilities. You get to see hidden headers as well.

As you can see in the image, hidden headers are found here too. Some hidden headers show up in requests in this way, and you can open the requests from here to look at them.

When you open one, the same page opens, but you can see in the URL how the headers appear. You can also find hidden cookie parameters by looking at them.
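
Seen from the server side, a guessing run like the one above shows up as one client sending many parameter names the application never defined. The following detection check is an added example, not part of the original article; the log lines, the KNOWN_PARAMS inventory and the threshold are constructed assumptions, and it only looks at query-string parameters, not cookies or headers.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Matches the client address and request target of a common/combined-format log line.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" \d{3}')

def find_param_guessing(lines, known_params, threshold=10):
    """Return {(client, path): [unknown names]} for clients that sent at least
    `threshold` distinct query parameter names the application does not define."""
    seen = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, target = m.groups()
        url = urlsplit(target)
        allowed = known_params.get(url.path, set())
        for name, _value in parse_qsl(url.query, keep_blank_values=True):
            if name not in allowed:
                seen[(client, url.path)].add(name)
    return {key: sorted(names) for key, names in seen.items() if len(names) >= threshold}

def sample_log():
    """Constructed log lines: one ordinary client, one client trying many names."""
    lines = [
        '198.51.100.7 - - [10/Oct/2023:13:55:01 +0000] "GET /search?q=shoes&page=2 HTTP/1.1" 200 512',
        '198.51.100.7 - - [10/Oct/2023:13:55:09 +0000] "GET /search?q=boots HTTP/1.1" 200 498',
    ]
    guesses = ["debug", "admin", "test", "redirect", "callback", "id",
               "user", "file", "lang", "token", "src", "next"]
    for i in range(0, len(guesses), 4):  # four guessed names per request
        qs = "&".join(f"{name}=1" for name in guesses[i:i + 4])
        lines.append(f'203.0.113.9 - - [10/Oct/2023:13:56:0{i} +0000] '
                     f'"GET /search?q=shoes&{qs} HTTP/1.1" 200 512')
    return lines

# Assumed inventory of the parameters each endpoint really accepts.
KNOWN_PARAMS = {"/search": {"q", "page"}}

if __name__ == "__main__":
    for (client, path), names in find_param_guessing(sample_log(), KNOWN_PARAMS).items():
        print(f"{client} tried {len(names)} undefined parameters on {path}: {names}")
```

The same parameter inventory can drive a stricter control: rejecting or logging any request that carries a name outside the set each endpoint defines.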

You can also use other tools to find hidden parameters. Here is a link to one such tool that you can use if you want; there are more tools like it.

First install the tool. You can download it with git clone https://github.com/s0md3v/Arjun, as you can see in the image, and after that you can use it.

The tool supports all kinds of requests for finding hidden parameters. By running the command in this way you can find the hidden parameters with this tool, and it has different options, for example for scanning a single URL.

Conclusion

I hope you now know how to find hidden parameters. We have shown how to find them using Burp Suite, and we have also covered hidden headers.

We know that a bug found only with an automatic tool is not a valid bug. So use these tools to find bugs, but verify them manually before reporting them.

If you have any other questions about finding hidden parameters, or anything else, you can ask in a comment and we will help as fully as we can. Please also share this article.

Thank you
