You're right, but the focus was to find the sensitive resources that need no authorization. Suppose I add the original cookie header: because the extension can't be aware of the application's authorization logic, it can't reach a conclusion in that case; this is the step that needs to be done manually by an expert and can't be automated.
It would be neat if backup finder sent its request along with the cookie(s) of the original request. Otherwise, only unauthenticated requests are sent out and thus the output has no meaning (in some cases).