Discover content requests with cookies
Is it possible to "Discover Content" using valid cookies to test for authenticated pages? I've run several sessions after using the "Discover Content" context menu from a request with a valid cookie; however, the cookies do not seem to be used in the brute forcing.
It would seem posting made me find part of the answer....
By using Options > Sessions I've been able to manually force a specific cookie. Could this be picked up from the request when using a context menu?
The next problem is that the session instantly found the logout function and invalidated the session. Would it be possible for "Discover Content" to inherit the Target > Scope settings to exclude certain files, e.g. logout?
The content discovery feature is scoped based on a start URL, and includes everything below that (rather than being based on target scope, like the Spider). One workaround would be to use the option at Options / Connections / Out of scope requests to drop requests that are made (anywhere within Burp) to a specific logout URL (or other suitable scope).
I could not understand the solution you found. If I understood correctly, you tried to create a new rule from Project Options -> Sessions -> Session Handling rules -> add
rule action -> use cookie from cookie jar
Scope -> tool; however, I could not find Content discover tool listed in scope.
Am I missing something?
Have you tried using the option Project Options > Sessions > Session Handling rules > Edit > Scope > Target?