Regexp for complex password

Question

Hi Guys,&nbsp;Need help for below regexp,&nbsp;when HTTP_REQUEST_DATA {&nbsp;&nbsp;set payload [URI::decode [HTTP::payload]]&nbsp;&nbsp;regexp {^.*txtURL=([^&amp;]+).*$} $payload -&gt; gotURL&nbsp;&nbsp;regexp {^.*username=([^&amp;]+).*$} $payload -&gt; username&nbsp;&nbsp;regexp {^.*password=([^&amp;]+).*$} $payload -&gt; password	HTTP::release}&nbsp;works for simpel password, but facing issue with password having following characters&nbsp;$,&amp;, % etc.&nbsp;sample string--- &lt;HTTP_REQUEST_DATA&gt;: Payload is = username=apptest&amp;password=1234&amp;1abc&amp;txtURL=https://trng.example.com:443/ssoman/c/SSA&nbsp;&nbsp;Regards,Sajid

corrado · Answer

This might work if there is always a field starting with &, like &txtURL, after the "password=" filed.

I asslumed that since you use a regex that excludes character & , but as you said passwords containing character '&' will not be matched while using this regex you will always have "&" as a character after the password so everything but last & will match.

^.*password=(\K.*)&

sajid · Answer

Hi Corrado,&nbsp;Thanks for your response.&nbsp;Got this error,&nbsp;&nbsp;warning: ["\K" has no meaning.&nbsp;Did you mean "\K" or "K"?][{^.*password=(\K.*)&amp;}]&nbsp;&nbsp;Regards,Sajid

Forum Discussion

Regexp for complex password

2 Replies

Recent Discussions

F5 Rseries HA

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

minimum tmos software version for connect CIS (openshift)

Related Content

Minimizing Security Complexity: Managing Distributed WAF Policies

Automate scp transfers using password

Password Safety & Security: Passwords vs. Passphrases

Adaptive Apps: Identify underlying issues in a complex app portfolio - Demo Kit

SSL Orchestrator Advanced Use Cases: Reducing Complexity