Skip to main content
🔑 Running Audits

Authenticated Page Auditing

Audit pages behind SSO, OAuth, or MFA using cookie-based session injection.

What is Authenticated Page Auditing?

Authenticated Page Auditing lets you inject browser cookies or session tokens directly into ConformPilot's browser session. This allows auditing of pages protected by SSO, OAuth, SAML, MFA, or any authentication system that cannot be automated with a simple form login.

Authentication modes

🍪

Cookie Injection

Export your session cookies from a logged-in browser and paste them into ConformPilot. The audit runs with your authenticated session. Best for SSO, OAuth, and MFA.

📝

Form Login

ConformPilot fills in a login form automatically. Best for standard username/password forms. See Form Login Audit.

🔒

Basic Auth

HTTP Basic Authentication using a username and password sent in the request header. Best for staging environments and internal tools.

How to use Cookie Injection

Cookie injection is the most reliable method for complex authentication systems.

Step 1: Export your session cookies

  1. 1

    Log in to your application

    Open your browser and log in to the application you want to audit.

  2. 2

    Open DevTools

    Press F12 (or Cmd+Option+I on Mac) to open Chrome DevTools.

  3. 3

    Go to Application → Cookies

    Click the Application tab → expand Cookies in the left sidebar → select your domain.

  4. 4

    Copy session cookies

    Copy the session cookie values (typically named session, auth_token, access_token, or similar).

Step 2: Configure ConformPilot

  1. 1

    Open the audit form

    Click New Audit from the dashboard.

  2. 2

    Enter the target URL

    Enter the URL of the authenticated page you want to audit.

  3. 3

    Select "Cookie Auth" mode

    Choose Cookie Auth from the audit mode dropdown.

  4. 4

    Paste your cookies

    Paste the cookie string in the format: name=value; name2=value2

  5. 5

    Click Run Audit

    ConformPilot will inject the cookies, load the authenticated page, and run the audit.

⚠️ Cookie security

  • • Session cookies expire — if the audit fails, your session may have expired. Log in again and copy fresh cookies.
  • • Never share session cookies — they grant full access to your account.
  • • Use a dedicated test account when possible.
  • • Cookies are used only for the audit session and are not stored after the audit completes.

How to use Basic Auth

  1. 1

    Select "Basic Auth" mode

    Choose Basic Auth from the audit mode dropdown.

  2. 2

    Enter username and password

    Enter the HTTP Basic Auth credentials for your staging or internal environment.

  3. 3

    Click Run Audit

    ConformPilot will send the Basic Auth header with every request during the audit.

Related articles

Form Login Audit →

Audit pages with standard login forms

Site Crawl →

Audit multiple authenticated pages automatically