Web Application Scan Settings - Advanced Options

The Advanced Options section is where you enter headers that the scanning engine injects into its requests when scanning the web application. This option is intended for situations where a workaround is needed for a complex authentication scheme, or where the scanner must impersonate a particular web browser.

Header Injection

Enter header information in the field provided using the format:

<header>: <text>

Multiple headers may be entered. Each header must be separated by a new line.

Example 1

To bypass a complex login form (for example, for multi-step authentication or CAPTCHA), where mwf_login is the session identifier for the application:

Cookie: mwf_login=2-e3b930b2cf6549d0351346d3cf56e9ae

Example 2

To bypass a complex login form (for example, for multi-step authentication or CAPTCHA), where ASPSESSIONIDAARTTCBQ is the session identifier for the application:

Cookie: ASPSESSIONIDAARTTCBQ=BGHDNEICDKJBGJFMOIAOPLAG

Example 3

To use a personalized user agent:

User-Agent: Mozilla/5.0 (iPhone; U; CPU like Mac OS X; en) AppleWebKit/420+ (KHTML, like Gecko) Version/3.0 Mobile/1A543a Safari/419.3

Some web applications serve different content to different user agents. For instance, a web application accessed from a mobile device will typically display lighter content with different functionality, links, forms and underlying HTML code. For this reason, the scanning engine may find different vulnerabilities depending on the User-Agent value it sends.

Example 4

To bypass basic authentication:

Authorization: Basic bXl1c2VyOm15cGFzc3dvcmQ=

When an Authorization header such as the one above is provided, it overrides any authentication record that has basic authentication defined for the scan.
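The following is an added example, not part of the product documentation, showing how to validate a header block in the "<header>: <text>" format above before pasting it into the Advanced Options field: it parses the newline-separated lines, builds or decodes the Basic Authorization value, and flags the headers that change how the scan authenticates. The header-name rule (RFC 7230 token characters) and the sample block are assumptions constructed for the example.

```python
import base64
import re
from typing import Dict, List, Tuple

# Assumption: the scanner accepts standard header names (RFC 7230 token characters).
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


def parse_header_block(block: str) -> List[Tuple[str, str]]:
    """Parse '<header>: <text>' lines, one header per line; blank lines are skipped.
    A line with no colon or with an invalid header name raises ValueError so a
    typo is caught before the scan is launched with a header the engine cannot send."""
    headers = []
    for lineno, raw in enumerate(block.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        name, sep, value = line.partition(":")
        name, value = name.strip(), value.strip()
        if not sep or not _TOKEN.match(name):
            raise ValueError(f"line {lineno}: not in '<header>: <text>' form: {raw!r}")
        headers.append((name, value))
    return headers


def basic_auth_header(user: str, password: str) -> Tuple[str, str]:
    """Build the Authorization header for basic authentication (Example 4)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return ("Authorization", f"Basic {token}")


def decode_basic(value: str) -> Tuple[str, str]:
    """Recover (user, password) from a 'Basic <base64>' value to confirm it is the intended account."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError(f"not a Basic credential: {value!r}")
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password


def review(headers: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Report which injected headers affect authentication: a Basic Authorization header
    overrides the scan's authentication record, and Cookie headers carry session identifiers."""
    notes: Dict[str, List[str]] = {"overrides_auth_record": [], "session_cookies": []}
    for name, value in headers:
        if name.lower() == "authorization" and value.lower().startswith("basic "):
            notes["overrides_auth_record"].append(decode_basic(value)[0])
        elif name.lower() == "cookie":
            for part in value.split(";"):
                cookie_name = part.strip().partition("=")[0]
                if cookie_name:
                    notes["session_cookies"].append(cookie_name)
    return notes


# Constructed sample block using the page's example values.
SAMPLE_BLOCK = """Cookie: mwf_login=2-e3b930b2cf6549d0351346d3cf56e9ae
User-Agent: Mozilla/5.0 (iPhone; U; CPU like Mac OS X; en) AppleWebKit/420+ (KHTML, like Gecko) Version/3.0 Mobile/1A543a Safari/419.3
Authorization: Basic bXl1c2VyOm15cGFzc3dvcmQ=
"""
```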