It is possible to manually crawl your website with Acunetix WVS using a web browser. Using the resultant — and manually crawled — links, it is then possible to build a website structure that will be targeted during the security scan.  This is useful for scanning specific web applications that cannot be automatically crawled due to some strange coding ambiguities. The following procedure offers a reliable workaround:

1. Configure the web browser

Configure your web browser of choice to proxy all the traffic through the Acunetix WVS HTTP Sniffer tool, as shown in the above screen shot.  Presuming that the web browser is running on the same machine where Acunetix WVS is installed, set the proxy server IP to 127.0.0.1 and the proxy server port to 8080.

2. Start the HTTP Sniffer and browse the website using the previously configured web browser.

3. Once ready, stop the HTTP sniffer. Save captured data by selecting ‘Save Logs’ from the Actions drop down menu.

4. Import Logs to Crawler

In the Site Crawler node, click the ‘Build Structure from HTTP Sniffer log’ button (highlighted in the above screen shot) to import the captured data into the Site Crawler.

5. Save the crawler import results by selecting ‘Save Results’ from the Actions drop down menu.

6. Launch the Scan

Click on the New Scan button to launch the scan wizard.  In the first step of the Scan Wizard select the option ‘Scan using saved crawling results’ as highlighted in the above screen shot.  Proceed with completing the scan wizard to launch the automated scan against the manually browsed website.

Note: Only the links you’ve manually crawled will be automatically scanned.  Other pages in the website, even those linked from manually crawled pages will not be crawled or scanned.

Be Sociable, Share!

•