F5 - BIG-IP persistence cookie en-/decoding

Aus Laub-Home.de Wiki
Zur Navigation springen Zur Suche springen

https://support.f5.com/csp/article/K6917

When you configure a cookie persistence profile to use the HTTP Cookie Insert or HTTP Cookie Rewrite method, the BIG-IP system inserts a cookie into the HTTP response, which well-behaved clients include in subsequent HTTP requests for the host name until the cookie expires. The cookie, by default, is named BIGipServer<pool_name>. The cookie is set to expire based on the expiration setting configured in the persistence profile. The cookie value contains the encoded IP address and port of the destination server.

Example:

BIGipServerwww.example.local=3174295050.20480.0000;

Decoded information: 10.230.51.189:80


Cookie Decoding

The encoded cookie value can be decoded to get internal information.

PowerShell

https://sethjackson.github.io/2017/02/06/decoding-big-ip-cookies/

 1 param(
 2     [Parameter(Mandatory)][string]$cookie
 3 )
 4 
 5 $ipAddress, $port, $reserved = $cookie.Split(".")
 6 
 7 $ipAddressBytes = [System.BitConverter]::GetBytes([System.Convert]::ToUInt32($ipAddress))
 8 $portBytes = [System.BitConverter]::GetBytes([System.Convert]::ToUInt16($port))
 9 
10 if (-not [System.BitConverter]::IsLittleEndian) {
11     [System.Array]::Reverse($ipAddressBytes)
12     [System.Array]::Reverse($portBytes)
13 }
14 
15 [PSCustomObject]@{
16     IpAddress = $ipAddressBytes -join "."
17     Port = [uint16]::Parse([System.BitConverter]::ToString($portBytes).Replace("-", [string]::Empty), [System.Globalization.NumberStyles]::AllowHexSpecifier)
18 }


Python

https://sethjackson.github.io/2017/02/06/decoding-big-ip-cookies/

 1 #!/usr/bin/env python3
 2 
 3 import struct
 4 import argparse
 5 import binascii
 6 
 7 def main():
 8     parser = argparse.ArgumentParser()
 9 
10     parser.add_argument("cookie", help="the cookie to decode")
11 
12     args = parser.parse_args()
13 
14     (ip_address, port) = decode(args.cookie)
15 
16     print("Decoded IP: %s" % ip_address)
17     print("Decoded port: %s" % port)
18 
19 def decode(cookie):
20     (host, port, reserved) = cookie.split(".")
21 
22     ip_address = ".".join([str(i) for i in struct.pack("<I", int(host))])
23     port = int(binascii.hexlify(struct.pack("<H", int(port))), 16)
24 
25     return (ip_address, port)
26 
27 if __name__ == "__main__":
28     main()