Where to find the information for session cookie authentication
Naomi Purvis avatar
Written by Naomi Purvis
Updated over a week ago

Entrypoint URL

The entrypoint URL tells the scanner where it should start all of it's crawling and scanning from. Most often this will be the root of your web application. Which in our example would be . Please note, there is not a path associated with the URL just a / on the end, which you should include if you want the full application to be scanned.

There are times when you won't want to scan from the root of the application, instead you might want to scan a subset. For example, when you have multiple applications running on the same target, but which live at different paths. For our example:




In this case, you would want to add 3 separate authentications each using one of the paths in the list.

Logout URL

The easiest way to find this would be to log in to the application and find the Logout button on your page (it may say Log Out or Sign Out or something similar). If you hover over the button you'll see the Logout URL at the bottom of your page, you can also right-click and 'Save link address', then paste into Intruder. If that doesn't work, please see our extended explanation.

Did this answer your question?