Open soffensive opened 3 years ago
albinowax
commented
3 years ago Thanks for the PR. I have a suspicion this only removes the cachebuster in the final parameter confirmation stage. I assume you coded this for a specific use case and it worked for you in that instance?
soffensive
commented
3 years ago Hi, thanks for the answer. Yes indeed, I coded this because I encountered applications that blocked requests including additional unexpected GET parameters.
I wanted to use ParamMiner to guess cookies, headers or POST body parameters, but was unable to get rid of the GET parameter added by ParamMiner.
Add option for disabling cachebuster when performing guessing attacks