drwetter / f5-bigip-decoder Goto Github PK
View Code? Open in Web Editor NEWDetecting and decoding BIGIP cookies in bash
License: GNU General Public License v3.0
f5-bigip-decoder's People
Contributors
Stargazers
Watchers
f5-bigip-decoder's Issues
Invalid size for routed domains
Currently, the maximum size of routed domains is set to 2.
f5_bigip_decoder.sh:169
grep -q -E '^rd[0-9]{1,2}o0{20}f{4}[a-f0-9]{8}o[0-9]{1,5}' <<< "$cookie"
f5_bigip_decoder.sh:186
grep -q -E '^rd[0-9]{1,2}o[a-f0-9]{32}o[0-9]{1,5}' <<< "$cookie"
However, it can happen that this size is greater than 2 (I have seen many times three-digit routed domains). rd[0-9]{1,2} should be replaced by rd[0-9]+ or rd[^o]+, assuming the following character is a "o".
$ ./f5_bigip_decoder.sh https://xxxxxxxxxxx.fr/
Standard / non-encrypted cookies
10.215.181.100:80 | IPv4 pool members in routed domain 338 | BIGipServer~xxxxx=rd338o00000000000000000000ffff0ad7b564o80
A total of 1x non-encrypted cookies found
AES encrypted Cookies
No AES encrypted cookies found
In total:
2 cookies -- 1 F5 BIG IP cookie(s) of which 1 cookie(s) named "BIGipServer~xxxxx"
line 128: printf: 20736": invalid number
$ tail --lines=2 f5_bigip_decoder.sh
# $Id: f5_bigip_decoder.sh,v 1.20 2018/09/03 11:09:09 dirkw Exp $
# vim:ts=5:sw=5
$ bash --version | head --lines=1
GNU bash, version 4.4.19(1)-release (x86_64-pc-linux-gnu)
(This is on Linux Mint 19.1, based on Ubuntu 18.04).
Without the cookie name (just the value), I get this output:
$ ./f5_bigip_decoder.sh 880322211.20736.0000
Standard / non-encrypted cookies
163.166.120.52:81 | default IPv4 pool members | BIGipServer=880322211.20736.0000
A total of 1x non-encrypted cookies found
AES encrypted Cookies
No AES encrypted cookies found
In total:
1 cookies -- 1 F5 BIG IP cookie(s) of which 1 cookie(s) named "BIGipServer"
But with the cookie name, I get this output:
$ ./f5_bigip_decoder.sh BIGipServerba.com-port81=880322211.20736.0000
Standard / non-encrypted cookies
./f5_bigip_decoder.sh: line 128: printf: 20736": invalid number
163.166.120.52:0 | default IPv4 pool members | "BIGipServerba.com-port81=880322211.20736.0000"
A total of 1x non-encrypted cookies found
AES encrypted Cookies
No AES encrypted cookies found
In total:
1 cookies -- 1 F5 BIG IP cookie(s) of which 1 cookie(s) named "BIGipServer"
So, the port number (81) is missing, and there is an error printed out as well.
This cookie comes from https://www.britishairways.com/ but I have seen it happen on other sites as well.
@drwetter: Please let me know if there's any other information I can provide to help with a fix. Thank you.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.