Arachni / arachni-ui-web

Arachni's Web User Interface.
http://www.arachni-scanner.com/

URL encoding of supplied cookies #104

Closed ethicalhack3r closed 8 years ago

ethicalhack3r commented 8 years ago

When supplying HTTP cookies in the profile editor via the web GUI in un-encoded format, the cookies get URL encoded when sent with requests rather than leaving them as input into the settings.

URL encoded cookies make the application I am testing throw an error as it expects them un-encoded.

This might be an edge case but it might be worth having an option to enable/disable URL encoding of the cookies that have been configured to be used. Or just use the value configured and do not do any encoding or decoding.

Zapotek commented 8 years ago

If you use the nightlies and set a Cookie HTTP header then whatever raw data you've provided should be preserved. If you're just setting name/value pairs then there's no way for Arachni to know what to do, so it encodes them per the RFC.

Zapotek commented 8 years ago

Alternatively, you can use the CLI with the --http-cookie-string option.

ethicalhack3r commented 8 years ago

Ah! Makes sense, thanks for the info! :+1:
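
To check which configured cookies are affected by the behaviour discussed in this thread, the following added example (not Arachni's code and not posted by either commenter) compares percent-encoded name/value pairs with a raw Cookie header. It assumes Ruby's `URI.encode_www_form_component` as a stand-in for the scanner's encoder; the cookie values and helper names are constructed for illustration.

```ruby
require 'uri'

# Constructed sample cookies (not from the issue): name => value exactly as
# the target application expects to receive it.
SAMPLE_COOKIES = {
  'session' => 'dXNlcj1hZG1pbg==',    # Base64 padding contains '='
  'token'   => 'a+b/c',               # '+' and '/' get percent-encoded
  'lang'    => 'en-US',               # unreserved characters only
  'prefs'   => 'theme=dark&size=10'   # nested key=value data
}.freeze

# Assumed stand-in for the encoding applied to name/value pairs.
def encode_pair(name, value)
  "#{URI.encode_www_form_component(name)}=#{URI.encode_www_form_component(value)}"
end

# Cookie header built from individually encoded name/value pairs.
def encoded_cookie_header(cookies)
  cookies.map { |name, value| encode_pair(name, value) }.join('; ')
end

# Cookie header built from the raw strings, with no encoding applied.
def raw_cookie_header(cookies)
  cookies.map { |name, value| "#{name}=#{value}" }.join('; ')
end

# Names of cookies whose on-the-wire form changes when encoded. These are
# the ones to supply through a raw Cookie header instead.
def altered_by_encoding(cookies)
  cookies.select { |name, value| encode_pair(name, value) != "#{name}=#{value}" }.keys
end

# Models an application that reads cookie values verbatim (no URL-decoding).
def parse_verbatim(header)
  header.split(/;\s*/).to_h { |pair| pair.split('=', 2) }
end

if __FILE__ == $PROGRAM_NAME
  puts "encoded: #{encoded_cookie_header(SAMPLE_COOKIES)}"
  puts "raw:     #{raw_cookie_header(SAMPLE_COOKIES)}"
  puts "altered: #{altered_by_encoding(SAMPLE_COOKIES).join(', ')}"
end
```
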