Parameter Pollution

When you manipulate any parameter, it’s manipulation depends on how each web technology is parsing their parameters.

You can identify web technologies using “Wappalyzer”.

Below is the screenshot of some technologies and their parameter parsing.

Unicode char can cause breaks in some applications. Example with the pile of poo 💩 :

Understand it :

HTTP Parameters

Find Parameters

Find hidden HTTP parameters

# usage / install
pip3 install arjun
arjun --help
arjun -u $target_url

Parameter miner for humans

git clone https://github.com/devanshbatham/ParamSpider
cd ParamSpider
pip3 install -r requirements.txt
python3 paramspider.py --domain $domain

When you manipulate any parameter, it’s manipulation depends on how each web technology is parsing their parameters.

You can identify web technologies using “Wappalyzer”.

Below is the screenshot of some technologies and their parameter parsing.

Unicode char can cause breaks in some applications. Example with the pile of poo 💩 :

Understand it :

Last updated 1 year ago

Was this helpful?