drwetter / f5-bigip-decoder Goto Github PK
View Code? Open in Web Editor NEWDetecting and decoding BIGIP cookies in bash
License: GNU General Public License v3.0
Detecting and decoding BIGIP cookies in bash
License: GNU General Public License v3.0
Currently, the maximum size of routed domains is set to 2.
f5_bigip_decoder.sh:169
grep -q -E '^rd[0-9]{1,2}o0{20}f{4}[a-f0-9]{8}o[0-9]{1,5}' <<< "$cookie"
f5_bigip_decoder.sh:186
grep -q -E '^rd[0-9]{1,2}o[a-f0-9]{32}o[0-9]{1,5}' <<< "$cookie"
However, it can happen that this size is greater than 2 (I have seen many times three-digit routed domains). rd[0-9]{1,2}
should be replaced by rd[0-9]+
or rd[^o]+
, assuming the following character is a "o".
$ ./f5_bigip_decoder.sh https://xxxxxxxxxxx.fr/
Standard / non-encrypted cookies
10.215.181.100:80 | IPv4 pool members in routed domain 338 | BIGipServer~xxxxx=rd338o00000000000000000000ffff0ad7b564o80
A total of 1x non-encrypted cookies found
AES encrypted Cookies
No AES encrypted cookies found
In total:
2 cookies -- 1 F5 BIG IP cookie(s) of which 1 cookie(s) named "BIGipServer~xxxxx"
$ tail --lines=2 f5_bigip_decoder.sh
# $Id: f5_bigip_decoder.sh,v 1.20 2018/09/03 11:09:09 dirkw Exp $
# vim:ts=5:sw=5
$ bash --version | head --lines=1
GNU bash, version 4.4.19(1)-release (x86_64-pc-linux-gnu)
(This is on Linux Mint 19.1, based on Ubuntu 18.04).
Without the cookie name (just the value), I get this output:
$ ./f5_bigip_decoder.sh 880322211.20736.0000
Standard / non-encrypted cookies
163.166.120.52:81 | default IPv4 pool members | BIGipServer=880322211.20736.0000
A total of 1x non-encrypted cookies found
AES encrypted Cookies
No AES encrypted cookies found
In total:
1 cookies -- 1 F5 BIG IP cookie(s) of which 1 cookie(s) named "BIGipServer"
But with the cookie name, I get this output:
$ ./f5_bigip_decoder.sh BIGipServerba.com-port81=880322211.20736.0000
Standard / non-encrypted cookies
./f5_bigip_decoder.sh: line 128: printf: 20736": invalid number
163.166.120.52:0 | default IPv4 pool members | "BIGipServerba.com-port81=880322211.20736.0000"
A total of 1x non-encrypted cookies found
AES encrypted Cookies
No AES encrypted cookies found
In total:
1 cookies -- 1 F5 BIG IP cookie(s) of which 1 cookie(s) named "BIGipServer"
So, the port number (81) is missing, and there is an error printed out as well.
This cookie comes from https://www.britishairways.com/ but I have seen it happen on other sites as well.
@drwetter: Please let me know if there's any other information I can provide to help with a fix. Thank you.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.