Forum Discussion

AlexDeMarco's avatar
AlexDeMarco
Icon for Nimbostratus rankNimbostratus
Feb 19, 2020

Help with scan and cookie

I am trying to parse out the ip and port being used is a persistence cookie

 

the Cookie name BIGipServer~TESTPartition~TEST_Server_7001

I found the snippet of code below:

scan [HTTP::cookie $bigipcookie] {%*[^\f]%*4x%2x%2x%2x%2xo%i} a b c d e

set Ip $a.$b.$c.$d

set Port $e

 

But it does not work I believe the scan does not like the format and I can't change the cookie format.

Any ideas how to modify it?

2 Replies

  • Hi Alex,

     

    If the scan is saying that it doesn't like the IP and port being displayed in the cookie then you may just be able to enable cookie encryption. Please see the two articles below for more information.

     

    K14784: Configuring cookie encryption within the HTTP profile (10.x - 15.x)

    https://support.f5.com/csp/article/K14784

     

    K23254150: Configuring cookie encryption for BIG-IP persistence cookies from the cookie persistence profile

    https://support.f5.com/csp/article/K23254150

     

    I hope that this helps.

     

    -Nathan F

  • Hi,

    Another possibility, you are trying to read other cookie structure information.

    The scan format "%*[^\f]%*4x%2x%2x%2x%2xo%i" is related to a "IPv4 pool members in non-default route domains"

    See: https://support.f5.com/csp/article/K6917

     

    e.g.

    BIGipServer<pool_name>=rd5o00000000000000000000ffffc0000201o80

    set cookie rd5o00000000000000000000ffffc0000201o80
    scan $cookie {%*[^\f]%*4x%2x%2x%2x%2xo%i} a b c d e
    set IP $a.$b.$c.$d
    set PORT $e

     

    If you have an "IPv4 pool members" scenario, maybe this code:

    BIGipServer<pool_name>=1677787402.36895.0000

    set cookie 1677787402.36895.0000
    scan $cookie {%10d.%5d.%4d} a b c
    set hex [format "%4x%4x%02x" $a $b $c]
    set IP [expr 0x[string range $hex 6 7]].[expr 0x[string range $hex 4 5]].[expr 0x[string range $hex 2 3]].[expr 0x[string range $hex 0 1]]
    set PORT [expr 0x[string range $hex 10 11][string range $hex 8 9]]

    I hope it helps

     

    Regards.