Overview
Some social networks use complex login and security mechanisms that can make authentication for crawling profiles difficult. Maltego Evidence therefore allows you to store session cookies directly in a crawling profile in order to reuse an existing browser session and improve login stability.
Cookies are optional. If valid cookies are stored, Evidence will first attempt to authenticate using them. Only if this attempt fails will the regular login methods of the respective network be used.
How session cookies work
Session cookies are managed server-side by the respective social network. They represent an existing authentication that was originally established in a browser. Maltego Evidence can use these cookies to reuse that session.
Certain actions, such as logging in again, switching profiles, or other security-relevant actions within the account, can cause existing session cookies to be invalidated server-side by the network. Deleting cookies in the browser itself does not automatically invalidate cookies that have already been copied.
Supported modules
Manual insertion of cookies is currently supported in the following crawling modules:
- TikTok
- Twitter (X)
For all other networks, the Cookies field is not displayed, as these modules do not currently support manual cookie insertion.
Prerequisites
- The Evidence Browser Extension is installed.
- You know which account belongs to which crawling profile.
- Only one active login per network is present in the browser.
How to securely add cookies to a crawling profile
- Make sure you are not currently actively using the desired account in your browser.
- Log in to the desired account (including MFA or any additional security checks).
- Open the Evidence Browser Extension and click "Get Cookies".
- The cookies are copied to your clipboard.
- Open the corresponding crawling profile in Maltego Evidence.
- Paste the cookies into the "Cookies" field and save the profile.
- Optional: Enable login validation to check the login status.
Important note on cookie validity
After copying the cookies, you should not perform any actions in your browser that the social network might interpret as a new login, profile switch, or security-related change. Such actions can cause existing session cookies to be invalidated server-side and may require them to be captured again.
Setting up additional crawling profiles
If you want to capture cookies for additional crawling profiles, repeat the process described above.
Deleting browser data can help create clean login states, but does not automatically invalidate cookies that have already been copied.
- Optionally delete browser data from the last 15 minutes (or the last hour if needed). In Chrome, head to Settings -> Privacy and Security -> Delete Browsing Data.
- Ensure that no account is currently being used.
- Repeat the login and cookie capture process for the next crawling profile.
Troubleshooting
Cookies do not work
- Session expired → copy new cookies
- Cookies were copied while not logged in
- Some networks invalidate cookies when logging in from another device
No cookies visible
- Not properly logged in
- Wrong domain selected
- The network uses multiple domains for login and content
Evidence still requires verification
- Cookies are incomplete or invalid
- The network requires additional security measures
Summary
Adding cookies to crawling profiles is optional but can significantly improve login stability. Since session cookies are managed server-side by the respective network, certain actions can lead to their invalidation. This guide describes a secure and reproducible process for capturing and using cookies in Maltego Evidence.