Pre-seeding a crawl using output from Fiddler, Burp, Selenium and HAR files

An Acunetix crawl can be pre-seeded using various techniques. Pre-seeding an Acunetix Crawl with such data, gives the Acunetix Crawler a head start when scanning a Target, while ensuring that the requests already captured using other tools are not missed by the Acunetix Crawler. This may happen when there are parts of the site which are not linked to from the main Target, thus hiding them from the Acunetix Crawler. The pre-seed will ensure that these pages and directories are scanned.

An Acunetix crawl can be pre-seeded using output from the following tools.

  • Selenium IDE – Scripts used to automatically test web applications (.html and .side files)
  • Telerik Fiddler – Session Archives (.saz files)
  • Burp – Saved items (.xml) and State files
  • HTTP Archives – HAR files which can be exported from various tools including the developer tools included with the major browsers
  • Swagger – used to describe RESTful APIs (.json, .yaml and .yml files)
  • WSDL – used to describe web services
  • Text files with a list of URLs

Crawl Pre-seeding

A pre-seed file may be applied to a particular Target and a Target may have multiple pre-seed files. An Acunetix crawl can be pre-seeded by following these steps.

  • Prepare the output file/s that you wish to pre-seed the crawl from
  • Navigate to the Target that you wish to pre-seed
  • From the Target’s configuration options, select the Crawl tab
  • Scroll down to the Import Files section
  • From the Choose File… option, click on the Folder icon and browse to the file that you wish to import
  • If you wish to remove a pre-seed file from a Target, simply click the red icon next to the file that you have imported
  • Save your settings for them to take effect
Nicky SciberrasNicholas Sciberras Chief Technical Officer

As the CTO at Acunetix, Nicholas is passionate about IT security and technology at large. Prior to joining Acunetix in 2012, Nicholas spent 12 years at GFI Software, where he managed the email security and anti-spam product lines, led multiple customer service teams and provided technical training.