F5 - BIG-IP persistence cookie en-/decoding
https://support.f5.com/csp/article/K6917
When you configure a cookie persistence profile to use the HTTP Cookie Insert or HTTP Cookie Rewrite method, the BIG-IP system inserts a cookie into the HTTP response, which well-behaved clients include in subsequent HTTP requests for the host name until the cookie expires. The cookie, by default, is named BIGipServer<pool_name>. The cookie is set to expire based on the expiration setting configured in the persistence profile. The cookie value contains the encoded IP address and port of the destination server.
Example:
BIGipServerwww.example.local=3174295050.20480.0000;
Decoded information: 10.230.51.189:80
Cookie Decoding
The encoded cookie value can be decoded to get internal information.
PowerShell
param(
[Parameter(Mandatory)][string]$cookie
)
$ipAddress, $port, $reserved = $cookie.Split(".")
$ipAddressBytes = [System.BitConverter]::GetBytes([System.Convert]::ToUInt32($ipAddress))
$portBytes = [System.BitConverter]::GetBytes([System.Convert]::ToUInt16($port))
if (-not [System.BitConverter]::IsLittleEndian) {
[System.Array]::Reverse($ipAddressBytes)
[System.Array]::Reverse($portBytes)
}
[PSCustomObject]@{
IpAddress = $ipAddressBytes -join "."
Port = [uint16]::Parse([System.BitConverter]::ToString($portBytes).Replace("-", [string]::Empty), [System.Globalization.NumberStyles]::AllowHexSpecifier)
}
Python
#!/usr/bin/env python3
import struct
import argparse
import binascii
def main():
parser = argparse.ArgumentParser()
parser.add_argument("cookie", help="the cookie to decode")
args = parser.parse_args()
(ip_address, port) = decode(args.cookie)
print("Decoded IP: %s" % ip_address)
print("Decoded port: %s" % port)
def decode(cookie):
(host, port, reserved) = cookie.split(".")
ip_address = ".".join([str(i) for i in struct.pack("<I", int(host))])
port = int(binascii.hexlify(struct.pack("<H", int(port))), 16)
return (ip_address, port)
if __name__ == "__main__":
main()