What is Param Miner
By Vedant Jain
In this post we are going to look at Param Miner, a very useful Burp extension that can brute-force parameter, header and cookie names.
Param Miner is a free extension available from the BApp Store in both Burp Suite Community Edition and Professional Edition, and that is where you download it. Quite often developers, by mistake or out of laziness, leave special parameters, headers or cookie names in place.
Developers assume they are the only ones who know those parameters, and they build logic on top of them. Take a parameter named admin as an example. It is an obviously predictable name, but consider this use case: a developer decides whether a user is an administrator purely on the basis of a GET parameter called admin. If you brute-force with this extension and it finds that admin=true is honoured, you have reached the administrative page. Obviously this is just an example, but you can find many more vulnerabilities that rest on the same wrong expectations developers have. So, let's install it.
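To make the admin=true case concrete from the defender's side, here is an added example (not code from the post or from Param Miner) of the broken check beside a hardened one. It assumes a hypothetical /dashboard handler that accepts only the parameters page and sort, and a constructed server-side session store keyed by a sid cookie; the hardened version derives the role from the session and logs any parameter name it does not recognise, which is exactly what a parameter-discovery scan produces.

```python
from http.cookies import SimpleCookie
from urllib.parse import parse_qs

# Constructed server-side session store: session id -> identity and role.
# In a real application this lives in a database or cache; the client can
# present a session id but can never write to this table.
SESSIONS = {
    "sess-alice": {"user": "alice", "role": "user"},
    "sess-root": {"user": "root", "role": "admin"},
}

# Parameter names the hypothetical /dashboard endpoint actually accepts.
ALLOWED_PARAMS = {"page", "sort"}


def vulnerable_dashboard(query_string: str) -> str:
    """The developer's 'secret' switch: trusts a client-supplied admin parameter.

    Anyone who guesses the name gets the admin view by adding ?admin=true.
    """
    params = parse_qs(query_string)
    if params.get("admin", [""])[0].lower() == "true":
        return "admin dashboard"
    return "user dashboard"


def hardened_dashboard(query_string: str, cookie_header: str, audit_log: list) -> str:
    """Authorisation comes from the server-side session, never from the query string.

    Unknown parameter names are recorded in audit_log so that a scan for
    hidden parameters leaves a trace instead of silently succeeding.
    """
    cookie = SimpleCookie()
    cookie.load(cookie_header or "")
    session_id = cookie["sid"].value if "sid" in cookie else None
    session = SESSIONS.get(session_id)
    if session is None:
        return "401 login required"

    # keep_blank_values so that a bare '?admin' is still seen as a parameter name
    params = parse_qs(query_string, keep_blank_values=True)
    unknown = sorted(set(params) - ALLOWED_PARAMS)
    if unknown:
        audit_log.append(f"user={session['user']} unknown_params={unknown}")

    # The role is whatever the session says; the query string cannot change it.
    if session["role"] == "admin":
        return "admin dashboard"
    return "user dashboard"


if __name__ == "__main__":
    log = []
    print(vulnerable_dashboard("admin=true"))                       # admin dashboard
    print(hardened_dashboard("admin=true", "sid=sess-alice", log))  # user dashboard
    print(log)                                                      # the probe is logged
```

The point of the audit log line is that a hidden-parameter brute force sends hundreds of names the endpoint never documented; an allow-list of accepted parameter names turns that noise into a clear detection signal, and keeping the role in the session removes the reward for finding the name at all.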
Steps to install:
Step 1: Open Burp Suite Community Edition or Professional Edition (both editions have this extension).
Step 2: Click on Extender, then BApp Store.
Step 3: In the list of extensions, find Param Miner.
Step 4: Click on Param Miner to select it; on the right-hand side you will see a small Install button. Click it and the extension will be installed.