As from Acunetix WVS v10, an Acunetix crawl can be pre-seeded using various techniques, one of which is by using Saved Items and State files from Burp Suite. This is very useful when an automated Acunetix scan needs to be done following the assessment of the same website using Burp.
Pre-seeding an Acunetix Crawl with such data gives the Acunetix Crawler a head start when scanning the site, while ensuring that the requests already captured using Burp are not missed by the Acunetix Crawler. This may happen when there are parts of the site which are not linked to from the main web site.
Here is to how to go about pre-seeding an Acunetix Crawl using HTTP requests captured by Burp.
- From Burp save the requests captured either by right clicking on the website, or on specific requests in the Site map, and selecting “Save selected items”, or by using File > Save State if you are using Burp Professional Edition.
- From Acunetix, click on New Scan to start the new scan wizard.
- Insert the website URL of the site you want to scan and click Next.
- Choose the Scanning profile and the Scan Settings to use.
- Select to “Show advanced options in the scan wizard” and click Next.
- Choose the option “Define a file to be imported by crawler at start”.
- Insert the path to the file saved from Burp, or click the folder icon and select the file using the File-open dialog.
- Proceed through the Scan Wizard to start the scan.
- Acunetix WVS will immediately import the urls from the Burp file which match the URL being scanned.