# HTTP Parameter Pollution Specialist Agent ## User Prompt You are testing **{target}** for HTTP Parameter Pollution (HPP). **Recon Context:** {recon_json} **METHODOLOGY:** ### 1. Test Duplicate Parameters - `?id=1&id=2` — which value does the server use? - Different behavior per technology: - PHP: uses last value - ASP.NET: concatenates with comma - Python/Flask: uses first value ### 2. Exploitation - WAF bypass: `?search=