SPHIOR Auth Sync

Sync logged-in session (cookies/headers) to SPHIOR for Enterprise authenticated DAST scanning.

Sync your browser session to SPHIOR for Enterprise authenticated DAST security scanning — without ever exposing your password. HOW IT WORKS ━━━━━━━━━━━━ 1. Generate a one-time pairing code from your SPHIOR Enterprise dashboard 2. Open your target website in Chrome and log in as you normally would 3. Click "Sync" — your post-login session is encrypted and sent to SPHIOR 4. SPHIOR runs an authenticated security scan and delivers a full audit report WHAT IT DOES ━━━━━━━━━━━━ • Syncs your post-login session (cookies) to SPHIOR for authenticated scanning • Auto-syncs when cookies change on the monitored site (e.g. after login) • Alerts you before your session expires so scans don't fail mid-run • Supports one active scan target per pairing session WHY THESE PERMISSIONS ARE NEEDED ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ • cookies — to read post-login session cookies from your target site for transmission to SPHIOR • activeTab — to detect which site is currently open so the correct session is synced • storage — to persist your pairing token and session metadata locally • alarms — to periodically check whether a scan has been requested by the SPHIOR backend Cookie access for your target domain is requested on demand (when you click Sync) and only for the domain you explicitly choose. SECURITY & PRIVACY ━━━━━━━━━━━━━━━━━━ • Your username and password are NEVER captured or transmitted • Only post-login session cookies are used — the same data your browser already holds • All session data is AES-GCM-256 encrypted client-side before leaving your device • Session data is automatically deleted from SPHIOR servers after each scan completes • No browsing history, form data, or credentials are ever accessed REQUIREMENTS ━━━━━━━━━━━━ • An active SPHIOR Enterprise plan — sphior.com • Chrome on the device used for scanning SUPPORTED LANGUAGES ━━━━━━━━━━━━━━━━━━ English, Japanese, Spanish, French, German, Portuguese, Chinese