An internal penetration tester finds a legacy application that takes measurement input made in a text box and
outputs a specific string of text related to industry requirements. There is no documentation about how this application works, and the source code has been lost.
Which of the following would BEST allow the penetration tester to determine the input and output relationship?
A. Running an automated Fuzzer
B. Constructing a known cipher text attack
C. Attempting SQL injection commands
D. Performing a full packet capture
E. Using the application in a malware sandbox