Why does my scan lose login status during a scan?

This document is for:
Invicti Enterprise On-Demand, Invicti Enterprise On-Premises

If a target website does not preserve sessions through cookies or local storage, users will be prompted to log in again when opening the website in a new tab.

The Invicti scanner uses Chromium to initiate scans quickly by launching multiple sessions or threads to crawl websites and perform attacks.

If your site does not support multi-tab sessions, the scanner may fail authentication, leading to errors or unreliable results.

To scan such websites, ensure sessions remain active across different browser tabs. This will require your developers to implement this functionality. One possibility is to implement a custom cookie so that the application treats all requests containing the custom cookie value as authenticated and therefore does not require login. Visit this page for more information about specifying custom cookie parameters for your scans.

Alternatively, you can try the following workarounds, though they do not guarantee accurate results:

  • Capture browsing traffic using Fiddler
  • Export browsing traffic using a web browser
  • Use Invicti Standard to crawl the target website manually

Capture browsing traffic using Fiddler

You can use Fiddler to capture browsing traffic as you crawl through your site manually. When you have finished your manual crawling session:

  • Capture the traffic

  • Save the traffic

  • When creating your new scan, go to the Scan Settings > Links/API Definitions option and select the Fiddler file importer

Refer to our documentation for more information about importing links from supported tools.

Export browsing traffic using a web browser

You can use your web browser to capture browsing traffic as you crawl through your site manually:

  1. Open your browser's Developer Tools
  2. Select the Network tab
  3. Perform your manual crawling session in the browser
  4. Click on the Export HAR button
  5. When creating your new scan, go to the Scan Settings > Links/API Definitions option and select the HTTP Archive file importer
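Before importing an exported HAR file, it helps to confirm that the manual session stayed logged in for every captured request. The following is an added example, not Invicti code: it reads the standard HAR 1.2 fields and flags entries where the session looks lost. The cookie name `SESSIONID`, the login path `/login`, the host `app.example.test`, and the sample capture are all assumptions constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: a minimal HAR 1.2 document with three entries.
SAMPLE_HAR = json.dumps({"log": {"version": "1.2", "entries": [
    {"request": {"method": "GET", "url": "https://app.example.test/dashboard",
                 "cookies": [{"name": "SESSIONID", "value": "constructed"}]},
     "response": {"status": 200, "redirectURL": ""}},
    {"request": {"method": "POST", "url": "https://app.example.test/orders?id=7",
                 "cookies": [{"name": "SESSIONID", "value": "constructed"}]},
     "response": {"status": 302, "redirectURL": "/login?next=%2Forders"}},
    {"request": {"method": "GET", "url": "https://app.example.test/reports",
                 "cookies": []},
     "response": {"status": 401, "redirectURL": ""}},
]}})

def check_har(har_text, session_cookie="SESSIONID", login_path="/login"):
    """Return (authenticated endpoints, entries where the session looks lost)."""
    entries = json.loads(har_text)["log"]["entries"]
    endpoints, lost = set(), []
    for e in entries:
        req, resp = e["request"], e["response"]
        parts = urlsplit(req["url"])
        key = (req["method"], parts.netloc + parts.path)
        # Assumed session cookie name; adjust to the target application.
        has_cookie = any(c.get("name") == session_cookie
                         for c in req.get("cookies", []))
        redirect_path = urlsplit(resp.get("redirectURL") or "").path
        to_login = 300 <= resp["status"] < 400 and redirect_path == login_path
        if resp["status"] == 401 or to_login or not has_cookie:
            reason = ("401 response" if resp["status"] == 401
                      else "redirect to login" if to_login
                      else "no session cookie sent")
            lost.append((key, reason))
        else:
            endpoints.add(key)
    return sorted(endpoints), lost

if __name__ == "__main__":
    ok, lost = check_har(SAMPLE_HAR)
    print("authenticated endpoints:", ok)
    for key, reason in lost:
        print("session lost:", key, "-", reason)
```

Entries reported as lost are worth re-capturing after logging in again, since imported links recorded without a valid session may not reflect the authenticated parts of the site.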

Use Invicti Standard to crawl the target website manually

You can use Invicti Standard to crawl the target website manually. Refer to our Manual crawling in proxy mode document for more information.