It may be possible to use AeyeScan's custom header feature to supply a cookie from an authenticated login session.


The specific procedure is described below.


Procedure


1. Open a browser and launch the Developer Tools.

For Chrome, press the "F12" key or select "More Tools" > "Developer Tools" from the dot menu in the upper right corner.


2. Log in to the target site using the browser.

3. You will be redirected to the login page. Copy the URL of this page from the address bar and note it down.


4. Use the Developer Tools to retrieve cookies for the target site.

Cookie information can be found in the Developer Tools at:

Application tab > Cookies > select [Target URL]

5. Access the Create New Scan page of AeyeScan.

Select the target domain as the top URL and set the URL path obtained in step 3.


6. Enter the cookie information obtained in step 4 in the "Custom Header" field under "Basic Scanning Options".


Set the Custom Header as follows. (If multiple cookies exist, set them all.)


URL : URL of the target site

Header name : Cookie

Value : Cookie name = Cookie value


Example) If the cookie value is "sid=XXXX", specify as follows:

Header name : Cookie

Value : sid=XXXX 

*Even if there are multiple cookies, set them on a single line. (Example: sid=XXXXXXXX; profile=YYYYYYYY)



7. Make any other necessary settings and start the crawl/scan.

The crawl will then start from the page after login.


*In addition, please select "crawl and scan" when performing the scan, as the login will fail if the authenticated cookie has expired.

Custom header settings can also be changed after the scan has started.

Therefore, if the session is lost during a scan and AeyeScan stops scanning, the scan can be continued by changing the custom header to a valid value and resuming the scan.
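
The following is an added example, not part of AeyeScan or of the original procedure. It shows one way to assemble the single-line Cookie value for step 6 from the rows read in step 4, applying the browser's domain and path matching rules and flagging cookies that have already expired. The cookie rows, the example.com hosts and the function names are constructed for illustration.

```javascript
// Added example: build the single-line Cookie header value for step 6.
// All cookie rows below are constructed sample data, not real session values.

// RFC 6265 domain-match: exact host, or host is a subdomain of the cookie domain.
function domainMatches(host, cookieDomain) {
  const d = cookieDomain.replace(/^\./, "").toLowerCase();
  const h = host.toLowerCase();
  return h === d || h.endsWith("." + d);
}

// RFC 6265 path-match: cookie path is a prefix of the request path on a "/" boundary.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// cookies: [{name, value, domain, path, expires}], as shown in the DevTools
// Cookies table; expires is an ISO timestamp or the literal "Session".
function buildCookieHeader(cookies, targetUrl, now = new Date()) {
  const url = new URL(targetUrl);
  const included = [];
  const expired = [];
  for (const c of cookies) {
    if (!domainMatches(url.hostname, c.domain)) continue;
    if (!pathMatches(url.pathname, c.path || "/")) continue;
    if (c.expires !== "Session" && new Date(c.expires) <= now) {
      expired.push(c.name); // stale value: log in again before scanning
      continue;
    }
    included.push(`${c.name}=${c.value}`);
  }
  return { value: included.join("; "), expired };
}

const sampleCookies = [ // constructed rows
  { name: "sid", value: "XXXXXXXX", domain: "app.example.com", path: "/", expires: "Session" },
  { name: "profile", value: "YYYYYYYY", domain: ".example.com", path: "/", expires: "2025-01-01T00:00:00.000Z" },
  { name: "remember", value: "OLD", domain: "app.example.com", path: "/", expires: "2024-05-01T00:00:00.000Z" },
  { name: "adm", value: "1", domain: "app.example.com", path: "/admin", expires: "Session" },
  { name: "_track", value: "ZZZZ", domain: "ads.example.net", path: "/", expires: "Session" },
];
const sampleNow = new Date("2024-06-01T00:00:00Z"); // fixed clock for a repeatable result
const result = buildCookieHeader(sampleCookies, "https://app.example.com/mypage", sampleNow);
console.log("Header name : Cookie");
console.log("Value : " + result.value);
if (result.expired.length) console.log("Expired, log in again: " + result.expired.join(", "));
```

If the expired list contains the session cookie, repeat steps 2 to 4 and update the custom header before starting or resuming the scan.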