BIGip是对负载均衡的实现,主要通过Virtual Server、iRules、Pool、Node、Monitor和Persistent(会话保持)实现。BIGip在实现会话保持机制时会在用户首次发起请求时,会为用户设置一个cookie,即服务端会添加set-cookie响应头头(比如:Set-Cookie: BIGipServerFinanceAndAdminWebfo.unc.edu=110536896.20480.0000 )。后续的请求会判断并使用这个cookie值,服务端解码该cookie并使用服务器。
直接上解密工具
mac@Mac F5-BIG-IP-Cookie-Decoder-master % python f5decoder.py 110536896.20480.0000
[*] success | 110536896.20480.0000 | 192.168.150.6 : 80
f5decoder.py 内容
# -*- coding: utf-8 -*-
import struct
import sys
class Colors:
BLUE = '\033[94m'
GREEN = '\033[32m'
RED = '\033[0;31m'
DEFAULT = '\033[0m'
ORANGE = '\033[33m'
WHITE = '\033[97m'
BOLD = '\033[1m'
BR_COLOUR = '\033[1;37;40m'
if len(sys.argv) != 2:
print("[*] python f5decoder.py 185903296.21520.0000" % sys.argv[0])
exit(1)
encoded_string = sys.argv[1]
(host, port, end) = encoded_string.split('.')
(a, b, c, d) = [ord(i) for i in struct.pack("<I", int(host))]
decIp = "%s.%s.%s.%s"%(a,b,c,d)
(e) = [ord(e) for e in struct.pack("<H", int(port))]
decPort = str(int("0x%02X%02X" % (e[0],e[1]),16))
result = Colors.GREEN + "[*] success \t " + Colors.WHITE+"| " + Colors.DEFAULT + encoded_string +Colors.WHITE+ " \t | "+ Colors.BLUE + decIp +Colors.BLUE+ " : " + Colors.BLUE + decPort + Colors.DEFAULT
print(result)
相关资料:
通过F5 BIG-IP LTM的会话Cookie获取Facebook服务器内网IP
https://github.com/TaggerZ/F5-BIG-IP-Cookie-Decoder
个人公众号(大数据学习交流): hadoopwiki