Scanning for vulnerabilities using Custom Cookies

In some cases, the website or web application you are scanning requires custom cookies to be set before it can be scanned properly.

In Acunetix, you can set custom cookies which will be used during the crawl and scan.

To add a custom cookie to a Target in Acunetix:

  1. Navigate to the Target’s settings and switch to the Advanced tab
  2. Enable Custom Cookies
  3. Enter the URL to apply the cookie to, together with its value as shown above
  4. Click Add to add the custom cookie
  5. Click Save
Juxhin Dyrmishi Brigjaj

Acunetix developers and tech agents regularly contribute to the blog. All the Acunetix developers come with years of experience in the web security sphere.

  • How to prevent acunetix access to logout url?


    • Hi,

      you can configure the logout URL as an excluded path in Targets > Target name > Crawl tab > Excluded Paths.

      If you are using a Login Sequence for the site, you can also restrict access to the Logout Link from the Login Sequence Recorder.


  • How to restrict Acunetix not test Specific Header and parameter.


    • Hi,

      This is an advanced setting which needs to be configured from C:\ProgramData\Acunetix 11\shared\General\settings.xml. Make a backup copy of the file before editing it.

      You can add parameter exclusions in the section.

      What type of header do you want to restrict tests?


  • My targets will periodically refresh (update) cookies after logging in (1 min). How do I use the latest cookies to scan targets when using AWVS? How can I set it up? thx


    • Hi,

      You will need to make use of the Acunetix Login Sequence Recorder. Acunetix will make use of the cookies it receives after it runs through the Login Actions. It periodically tries to check if the session it has is still valid, and if not it will run through the Login Actions again.
