Re: Not scanning production

[Arch Angel <arch3angel () gmail com>]

Have you considered grepping through the files searching for the hard coded
portion of the code which is the same across the board and change that to
the location on the dev box?  Might take a nix box an hour or so but should
get nearly all of them.  Only true way to be sure is search all the code
line by line.  If it is that important that you don't hit the prod box I
would spend the time and effort to do so.

Also a year or so back Paul and Larry talked about a way to clone a site
and pull it down to a local machine and run all the pages locally, but I
can't recall exactly what they did.  Sorry, hopefully Bugbear, Paul, or
Larry can recall that one to help you.  My old age and all, I don't recall
as well as I used too.  What were we discussing anyway :-)

- Robert
(arch3angel)

On Wed, Oct 31, 2012 at 12:15 PM, Patrick Laverty <patrick_laverty () brown edu
> wrote:

> Ok, newbie here...
>
> I was asked to scan a web site that we were told is vulnerable. So I'm
> copying the site over to my Dev server and each time I manually click
> on links, I see it sends my request to production. I went through the
> .htaccess file and changed everything to point to my Dev server. It
> still goes to prod. I dig in a little further and sure enough, most of
> the links in the hundreds of pages are hardcoded to the prod site.
>
> What's the safest way to get around this? Set the /etc/hosts file on
> my scanning machine to point to my Dev server? I want to make 100%
> sure that my scan never hits the production server.
>
> Suggestions?
>
> Thank you.
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com