Integrating Burp Suite with Acunetix Vulnerability Scanner

An Acunetix crawl can be pre-seeded with requests captured in Burp Suite. This is useful when an automated Acunetix scan follows an assessment of the same target application with Burp.

Pre-seeding an Acunetix crawl with this data gives the Acunetix Crawler a head start when scanning the site and ensures that requests already captured using Burp are not missed by the crawler, which can otherwise happen when parts of the site are not linked to from the main website.

To use the integration, follow the instructions below.

After running a Burp Scan or spidering an application, go to the Burp Target "Site map".

Right-click an individual item, a single branch, or a selection of branches in the Site map to bring up the context menu.

Click "Save item" or "Save selected items" to create a file to import into Acunetix.

 

Save the file using an appropriate name and location.

 

Open Acunetix and click "New Scan" to start the new scan wizard.

 

Insert the website URL of the site you want to scan and click "Next".

 

Select your desired Scan options and settings.

Ensure "Show advanced options in the scan wizard" is selected beneath the "Adjust advanced scan settings" header.

Click "Next".

 

Choose the option "Define a file to be imported by crawler at start".

Click the browse file button.

 

Locate your saved Burp file, select it and click "Open".

In the Acunetix Scan wizard, click "Next".

 

Check the target settings and click "Next".

 

Enter any known login details or sequences and click "Next".

 

Review the recommendations and click "Finish".

 

Acunetix will now carry out a Crawl and Scan using HTTP requests captured by Burp.
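
Before importing the saved file, it helps to check what it will seed the crawler with. The following added example (not part of the original article or of either vendor's tooling) reads a Burp saved-items file, assuming the XML layout Burp writes (`items`/`item` elements with `url`, `method` and a base64 `request`), and reports which URLs are on the scan target, which are on other hosts, and which saved requests carry Cookie or Authorization headers. The names `review_export` and `_item`, the hosts and the sample data are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SENSITIVE = ("cookie:", "authorization:")  # headers that carry session material

def review_export(xml_text, target_host):
    """Summarise a Burp saved-items file before it is imported as crawler seed data."""
    report = {"in_scope": set(), "out_of_scope": set(), "with_credentials": set()}
    # Parse only files you exported yourself; ElementTree is not hardened against hostile XML.
    for item in ET.fromstring(xml_text).iter("item"):
        url = (item.findtext("url") or "").strip()
        method = (item.findtext("method") or "").strip()
        host = (urlsplit(url).hostname or "").lower()
        if host != target_host.lower():
            report["out_of_scope"].add(url)   # would seed the crawl with another host
            continue
        report["in_scope"].add((method, url))
        req = item.find("request")
        raw = (req.text or "").strip() if req is not None else ""
        if req is not None and req.get("base64") == "true":
            raw = base64.b64decode(raw).decode("latin-1")
        # Header lines only: drop the request line and anything after the blank line.
        headers = raw.split("\r\n\r\n", 1)[0].lower().split("\r\n")[1:]
        if any(h.startswith(SENSITIVE) for h in headers):
            report["with_credentials"].add(url)
    return {key: sorted(values) for key, values in report.items()}

def _item(url, raw_request):
    # Build one constructed <item>; the request is base64-encoded as in the assumed layout.
    b64 = base64.b64encode(raw_request.encode()).decode()
    return (f"<item><url><![CDATA[{url}]]></url><host>{urlsplit(url).hostname}</host>"
            f"<method>{raw_request.split()[0]}</method>"
            f'<request base64="true"><![CDATA[{b64}]]></request></item>')

# Constructed sample data, not taken from a real assessment.
SAMPLE = "<items>" + "".join([
    _item("https://app.example.test/", "GET / HTTP/1.1\r\nHost: app.example.test\r\n\r\n"),
    _item("https://app.example.test/admin/unlinked",
          "GET /admin/unlinked HTTP/1.1\r\nHost: app.example.test\r\nCookie: sid=constructed\r\n\r\n"),
    _item("https://cdn.example.net/lib.js", "GET /lib.js HTTP/1.1\r\nHost: cdn.example.net\r\n\r\n"),
]) + "</items>"

if __name__ == "__main__":
    for key, values in review_export(SAMPLE, "app.example.test").items():
        print(key, values)
```

If `with_credentials` is not empty, store and share the saved file as carefully as the session values it contains.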