
How Arjun works

Somdev Sangwan edited this page Apr 12, 2019 · 5 revisions

Step #1

A request to the URL is made, and the response length, plain-text length and response code are stored for comparison in later steps.
If any HTML form is found in the response, Arjun extracts the field names from it and adds them to the parameter name list for further checking.

Step #2

A second request to the URL is made, but this time a randomly generated 6-character parameter name (expected not to exist) is added to the request to determine how the web application behaves towards a non-existent parameter.
The number of reflections, response length, plain-text length and response code are stored for comparison in later steps.
These characteristics are also compared against those of the first request to determine which changes should be ignored, in order to keep off false positives.

Step #3

A huge list of 25,980 parameter names is loaded and divided into 25 parts. All the parameter names of a part are sent in a single request with randomly generated values, so a total of 25 requests are made.
The responses to these requests are compared with the previously stored data, and the parts which didn't cause any deviation in the response are rejected.

Step #4

Every part which caused a deviation in the response is divided into two parts: the half which doesn't cause any change is rejected, and the half which causes a change is divided into two again. This process continues until each part contains just one parameter or none. Empty parts are obviously rejected, and the single remaining parameter names are marked as valid.
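The chunk-and-bisect procedure of steps 3 and 4, as an added illustration that is not Arjun's own code: the "web application" is a constructed in-memory function, the names `fake_app`, `bisect` and `discover` are this example's own, and only the response length is compared (Arjun also tracks reflections, plain-text length and the status code).

```python
import secrets
# Constructed stand-in for the target application (not a real site): it
# recognises three parameter names and reflects their values into the page;
# any other parameter is ignored, so the response stays the same length.
KNOWN_PARAMS = {"id", "debug", "redirect"}

def fake_app(params):
    """Return a response body whose length depends only on recognised names."""
    body = "<html><body><h1>Profile</h1>"
    for name in sorted(params):
        if name in KNOWN_PARAMS:
            body += f"<p>{name}={params[name]}</p>"
    return body + "</body></html>"

def baseline_length():
    """Step 2: request with a random 6-char name that should not exist."""
    return len(fake_app({secrets.token_hex(3): "x"}))

def deviates(names, base_len):
    """Send every name in one request with random values; compare to baseline."""
    return len(fake_app({n: secrets.token_hex(4) for n in names})) != base_len

def bisect(names, base_len, counter):
    """Step 4: keep halving a chunk that changes the response until one name is left."""
    if not names:
        return set()                     # empty part: rejected
    counter[0] += 1                      # one HTTP request per chunk tested
    if not deviates(names, base_len):
        return set()                     # no change: whole chunk rejected
    if len(names) == 1:
        return set(names)                # a single name that changes the response
    mid = len(names) // 2
    return bisect(names[:mid], base_len, counter) | bisect(names[mid:], base_len, counter)

def discover(wordlist, parts=25):
    """Step 3: split into `parts` chunks, bisect those that deviate; return (names, requests)."""
    base_len = baseline_length()
    counter = [0]
    size = max(1, -(-len(wordlist) // parts))   # ceiling division
    found = set()
    for i in range(0, len(wordlist), size):
        found |= bisect(wordlist[i:i + size], base_len, counter)
    return found, counter[0]

if __name__ == "__main__":
    # Constructed wordlist: 97 decoy names plus the three the fake app accepts.
    words = [f"param{i}" for i in range(97)] + ["id", "debug", "redirect"]
    names, requests = discover(words)
    print(sorted(names), "found with", requests, "requests instead of", len(words))
```

With the constructed 100-name wordlist the three valid names are recovered in 31 simulated requests rather than one per candidate, which is the saving the bisection buys.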
