rabid 0.0.1 → 0.0.2
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/Gemfile.lock +3 -3
- data/README.md +17 -1
- data/bin/rabid +1 -0
- data/docs/About.md +4 -2
- data/docs/CHANGELOG.md +9 -1
- data/docs/README.md +10 -0
- data/docs/pages/demo.md +1 -1
- data/docs/pages/documentation.md +1 -1
- data/docs/pages/install.md +32 -2
- data/docs/pages/usage.md +2 -1
- data/docs/why.md +16 -15
- data/docs/yard/BigIPCookie.html +2 -2
- data/docs/yard/BigIPCookie/Decode.html +2 -2
- data/docs/yard/Version.html +2 -2
- data/docs/yard/_index.html +2 -2
- data/docs/yard/file.LICENSE.html +2 -2
- data/docs/yard/file.README.html +21 -41
- data/docs/yard/index.html +21 -41
- data/docs/yard/top-level-namespace.html +2 -2
- data/lib/bigipcookie.rb +11 -1
- data/lib/bigipcookie/version.rb +1 -1
- data/test/test_bigipcookie.rb +11 -0
- metadata +2 -3
- data/bigipcookie.gemspec +0 -49
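--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fae7432b49568b990acad185a4ed7ec696233c8d4902f3931b438b38eb50c647
+data.tar.gz: 324c6c155ed5a61fb58ee8d5bfa98832a05e19c84e3eb33c59ca5964b3eeb74e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: aa28c428aae86fcc343b829d0d2c390e8693862a3e4e50551efec9cec51369161cba85c42d67af0d8fb58d67094bc9b41c637151eecc5c0948e69b7bc1058e1f
+data.tar.gz: fd416c7f78da453f6ac63b1ba448f10e81a7f6110f74a162d877dc52fc1bef30e1526e2281bbd8b94c2e6d71a3beb4332eb7bdd670f03c79c97945bf93de2432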
data/.gitignore
CHANGED
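--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: .
 specs:
-rabid (0.0.
+rabid (0.0.2)
 docopt (~> 0.6)
 paint (~> 2.1)
 
@@ -18,7 +18,7 @@ GEM
 concurrent-ruby (~> 1.0)
 jaro_winkler (1.5.3)
 minitest (5.11.3)
-paint (2.1.
+paint (2.1.1)
 parallel (1.17.0)
 parser (2.6.3.0)
 ast (~> 2.4.0)
@@ -53,4 +53,4 @@ DEPENDENCIES
 yard (~> 0.9)
 
 BUNDLED WITH
-2.0.
+2.0.2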
data/README.md
CHANGED
|
@@ -1,5 +1,13 @@
|
|
|
1
1
|
# RABID
|
|
2
2
|
|
|
3
|
+
[](https://badge.fury.io/rb/rabid)
|
|
4
|
+

|
|
5
|
+
[](https://github.com/Orange-Cyberdefense/rabid/network)
|
|
6
|
+
[](https://github.com/Orange-Cyberdefense/rabid/stargazers)
|
|
7
|
+
[](https://github.com/Orange-Cyberdefense/rabid/blob/master/LICENSE.txt)
|
|
8
|
+
|
|
9
|
+
[](https://repology.org/project/rabid/versions)
|
|
10
|
+
|
|
3
11
|

|
|
4
12
|
|
|
5
13
|
> **RA**pid **B**ig **I**P **D**ecoder
|
|
@@ -12,4 +20,12 @@ A CLI tool and library allowing to simply decode all kind of BigIP cookies.
|
|
|
12
20
|
|
|
13
21
|
- Support all 4 cookie formats
|
|
14
22
|
- CLI tool & library
|
|
15
|
-
- Hackable
|
|
23
|
+
- Hackable
|
|
24
|
+
|
|
25
|
+
## References
|
|
26
|
+
|
|
27
|
+
Homepage / Documentation: https://orange-cyberdefense.github.io/rabid/
|
|
28
|
+
|
|
29
|
+
## Author
|
|
30
|
+
|
|
31
|
+
Made by Alexandre ZANNI ([@noraj](https://github.com/noraj)), pentester from Orange Cyberdefense.
|
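--- a/data/bin/rabid
+++ b/data/bin/rabid
@@ -30,6 +30,7 @@ doc = <<~DOCOPT
 rabid 'rd5o00000000000000000000ffffc0000201o80'
 rabid 'CustomeCookieName=vi20010112000000000000000000000030.20480' --ipv6-long-format
 rabid 'BIGipServer~SuperPool=rd3o20010112000000000000000000000030o80' --debug
+rabid 'BIGipServerhttp-pool=!LHmYFDA0qZyj4NoylBEaDn0/k2wesiGt0ANZhWaAohjULoWFXRc1b/yfibypy1qfBzD51kqvmwzfcy4='
 DOCOPT
 
 begin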
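--- a/data/docs/About.md
+++ b/data/docs/About.md
@@ -2,10 +2,12 @@
 
 # References
 
-BigIP cookie decoding is done following the official
+BigIP cookie decoding is done following the official method provided by F5: https://support.f5.com/csp/article/K6917
 
 IPv6 URL format try to respect RFC2732: https://tools.ietf.org/html/rfc2732
 
+Encrypted cookie format is detected from the example given by F5: https://support.f5.com/csp/article/K23254150
+
 ## Logo
 
-Logo made with [DesignEvo](https://www.designevo.com).
+Logo made with [DesignEvo](https://www.designevo.com).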
data/docs/CHANGELOG.md
CHANGED
data/docs/README.md
CHANGED
|
@@ -1,5 +1,11 @@
|
|
|
1
1
|
# RABID
|
|
2
2
|
|
|
3
|
+
[](https://badge.fury.io/rb/rabid)
|
|
4
|
+

|
|
5
|
+
[](https://github.com/Orange-Cyberdefense/rabid/network)
|
|
6
|
+
[](https://github.com/Orange-Cyberdefense/rabid/stargazers)
|
|
7
|
+
[](https://github.com/Orange-Cyberdefense/rabid/blob/master/LICENSE.txt)
|
|
8
|
+
|
|
3
9
|
> **RA**pid **B**ig **I**P **D**ecoder
|
|
4
10
|
|
|
5
11
|
## What it is
|
|
@@ -11,3 +17,7 @@ A CLI tool and library allowing to simply decode all kind of BigIP cookies.
|
|
|
11
17
|
- Support all 4 cookie formats
|
|
12
18
|
- CLI tool & library
|
|
13
19
|
- Hackable
|
|
20
|
+
|
|
21
|
+
## Author
|
|
22
|
+
|
|
23
|
+
Made by Alexandre ZANNI ([@noraj](https://github.com/noraj)), pentester from Orange Cyberdefense.
|
data/docs/pages/demo.md
CHANGED
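--- a/data/docs/pages/documentation.md
+++ b/data/docs/pages/documentation.md
@@ -15,7 +15,7 @@ $ docsify serve docs
 
 The output directory of the library documentation will be `docs/yard`.
 
-You can consult it online [here](rabid/yard/).
+You can consult it online [here](https://orange-cyberdefense.github.io/rabid/yard/).
 
 ### Building locally: for library users
 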
data/docs/pages/install.md
CHANGED
|
@@ -8,12 +8,42 @@
|
|
|
8
8
|
$ gem install rabid
|
|
9
9
|
```
|
|
10
10
|
|
|
11
|
+
Gem: [rabid](https://rubygems.org/gems/rabid)
|
|
12
|
+
|
|
11
13
|
### Install from BlackArch
|
|
12
14
|
|
|
15
|
+
From the repository:
|
|
16
|
+
|
|
13
17
|
```
|
|
14
18
|
# pacman -S rabid
|
|
15
19
|
```
|
|
16
20
|
|
|
21
|
+
From git:
|
|
22
|
+
|
|
23
|
+
```
|
|
24
|
+
# blackman -i rabid
|
|
25
|
+
```
|
|
26
|
+
|
|
27
|
+
PKGBUILD: [rabid](https://github.com/BlackArch/blackarch/blob/master/packages/rabid/PKGBUILD)
|
|
28
|
+
|
|
29
|
+
### Install from ArchLinux
|
|
30
|
+
|
|
31
|
+
Manually:
|
|
32
|
+
|
|
33
|
+
```
|
|
34
|
+
$ git clone https://aur.archlinux.org/rabid.git
|
|
35
|
+
$ cd rabid
|
|
36
|
+
$ makepkg -sic
|
|
37
|
+
```
|
|
38
|
+
|
|
39
|
+
With an AUR helper ([Pacman wrappers](https://wiki.archlinux.org/index.php/AUR_helpers#Pacman_wrappers)), eg. pikaur:
|
|
40
|
+
|
|
41
|
+
```
|
|
42
|
+
$ pikaur -S rabid
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
AUR: [rabid](https://aur.archlinux.org/packages/rabid/)
|
|
46
|
+
|
|
17
47
|
## Development
|
|
18
48
|
|
|
19
49
|
It's better to use [rbenv](https://github.com/rbenv/rbenv) to have latests version of ruby and to avoid trashing your system ruby.
|
|
@@ -29,11 +59,11 @@ $ gem install --development rabid
|
|
|
29
59
|
Just replace `x.x.x` with the gem version you see after `gem build`.
|
|
30
60
|
|
|
31
61
|
```
|
|
32
|
-
$ git clone https://
|
|
62
|
+
$ git clone https://github.com/Orange-Cyberdefense/rabid.git rabid
|
|
33
63
|
$ cd rabid
|
|
34
64
|
$ gem install bundler
|
|
35
65
|
$ bundler install
|
|
36
|
-
$ gem build
|
|
66
|
+
$ gem build bigipcookie.gemspec
|
|
37
67
|
$ gem install rabid-x.x.x.gem
|
|
38
68
|
```
|
|
39
69
|
|
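--- a/data/docs/pages/usage.md
+++ b/data/docs/pages/usage.md
@@ -24,6 +24,7 @@ Examples:
 rabid 'rd5o00000000000000000000ffffc0000201o80'
 rabid 'CustomeCookieName=vi20010112000000000000000000000030.20480' --ipv6-long-format
 rabid 'BIGipServer~SuperPool=rd3o20010112000000000000000000000030o80' --debug
+rabid 'BIGipServerhttp-pool=!LHmYFDA0qZyj4NoylBEaDn0/k2wesiGt0ANZhWaAohjULoWFXRc1b/yfibypy1qfBzD51kqvmwzfcy4='
 ```
 
 ## Library
@@ -50,4 +51,4 @@ Launch `irb` with the library loaded.
 ```
 $ rabid_console
 irb(main):001:0>
-```
+```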
data/docs/why.md
CHANGED
|
@@ -6,21 +6,21 @@ Most of those tools provide only a CLI interface (no library) so it is getting h
|
|
|
6
6
|
|
|
7
7
|
Most of those tools only decode *IPv4 pool members*, no *IPv4 pool members in non-default route domains*, *IPv6 pool members* or *IPv6 pool members in non-default route domains*.
|
|
8
8
|
|
|
9
|
-
Name | IPv4 | IPv4 ndrd | IPv6 | IPv6 ndrd | CLI | Library | Online | Notes
|
|
10
|
-
|
|
11
|
-
RABID | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :x: |
|
|
12
|
-
[psmet/BIGip-cookie-decoder][1] | :heavy_check_mark: | :x: | :x: | :x: | :heavy_check_mark: | :x: | :x: |
|
|
13
|
-
[f5-cookie-encode-decode][2] | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: | :heavy_check_mark: |
|
|
14
|
-
[bigip-cookie-decoder][3] | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | Google Chrome plugin, only on live targets
|
|
15
|
-
[big-ip-encoder-decoder][4] | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: | :heavy_check_mark: |
|
|
16
|
-
[DarkLighting/bigip-cookie-decoder][5] | :heavy_check_mark: | :x: | :x: | :x: | :heavy_check_mark: | :x: | :x: |
|
|
17
|
-
[vanshit/BigIP-Cookie-Decoder][6] | :heavy_check_mark: | :x: | :x: | :x: | :heavy_check_mark: | :x: | :x: |
|
|
18
|
-
[evict/BIG-IP-Cookie-decoding][7] | :x: | :heavy_check_mark: | :x: | :x: | :heavy_check_mark: | :x: | :x: |
|
|
19
|
-
[MooseDojo/BigCookie][8] | :heavy_check_mark: | :x: | :x: | :x: | :heavy_check_mark: | :x: | :x: |
|
|
20
|
-
[ezelf/f5_cookieLeaks][9] | :heavy_check_mark: | :x: | :x: | :x: | :heavy_check_mark: | :x: | :x: | only on live targets
|
|
21
|
-
[drwetter/F5-BIGIP-Decoder][10] | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :x: | :x: |
|
|
22
|
-
[f5_bigip_cookie_disclosure][11] (msf) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :o: | :o: | :x: | only on live targets
|
|
23
|
-
[http-bigip-cookie][12] (nse) | :heavy_check_mark: | :x: | :x: | :x: | :heavy_check_mark: | :x: | :x: | only on live targets
|
|
9
|
+
Name | IPv4 | IPv4 ndrd | IPv6 | IPv6 ndrd | Enc :closed_lock_with_key: | CLI | Library | Online | Notes
|
|
10
|
+
---------------------------------------|--------------------|--------------------|--------------------|--------------------|----------------------------|--------------------|--------------------|--------------------|-------------------------------------------
|
|
11
|
+
RABID | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :x: |
|
|
12
|
+
[psmet/BIGip-cookie-decoder][1] | :heavy_check_mark: | :x: | :x: | :x: | :x: | :heavy_check_mark: | :x: | :x: |
|
|
13
|
+
[f5-cookie-encode-decode][2] | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :heavy_check_mark: |
|
|
14
|
+
[bigip-cookie-decoder][3] | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | Google Chrome plugin, only on live targets
|
|
15
|
+
[big-ip-encoder-decoder][4] | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :heavy_check_mark: |
|
|
16
|
+
[DarkLighting/bigip-cookie-decoder][5] | :heavy_check_mark: | :x: | :x: | :x: | :x: | :heavy_check_mark: | :x: | :x: |
|
|
17
|
+
[vanshit/BigIP-Cookie-Decoder][6] | :heavy_check_mark: | :x: | :x: | :x: | :x: | :heavy_check_mark: | :x: | :x: |
|
|
18
|
+
[evict/BIG-IP-Cookie-decoding][7] | :x: | :heavy_check_mark: | :x: | :x: | :x: | :heavy_check_mark: | :x: | :x: |
|
|
19
|
+
[MooseDojo/BigCookie][8] | :heavy_check_mark: | :x: | :x: | :x: | :x: | :heavy_check_mark: | :x: | :x: |
|
|
20
|
+
[ezelf/f5_cookieLeaks][9] | :heavy_check_mark: | :x: | :x: | :x: | :x: | :heavy_check_mark: | :x: | :x: | only on live targets
|
|
21
|
+
[drwetter/F5-BIGIP-Decoder][10] | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :x: | :x: |
|
|
22
|
+
[f5_bigip_cookie_disclosure][11] (msf) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :x: | :o: | :o: | :x: | only on live targets
|
|
23
|
+
[http-bigip-cookie][12] (nse) | :heavy_check_mark: | :x: | :x: | :x: | :x: | :heavy_check_mark: | :x: | :x: | only on live targets
|
|
24
24
|
|
|
25
25
|
Legend:
|
|
26
26
|
|
|
@@ -28,6 +28,7 @@ Legend:
|
|
|
28
28
|
- IPv4 ndrd: IPv4 pool members in non-default route domains
|
|
29
29
|
- IPv6: IPv6 pool members
|
|
30
30
|
- IPv6 ndrd: IPv6 pool members in non-default route domains
|
|
31
|
+
- Enc :closed_lock_with_key:: encrypted cookie detection
|
|
31
32
|
- :o:: partially
|
|
32
33
|
- msf: metasploit framework
|
|
33
34
|
- nse: nmap script engine
|
data/docs/yard/BigIPCookie.html
CHANGED
|
@@ -149,9 +149,9 @@
|
|
|
149
149
|
</div>
|
|
150
150
|
|
|
151
151
|
<div id="footer">
|
|
152
|
-
Generated on
|
|
152
|
+
Generated on Wed Jul 31 20:54:45 2019 by
|
|
153
153
|
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
|
|
154
|
-
0.9.20 (ruby-2.6.
|
|
154
|
+
0.9.20 (ruby-2.6.0).
|
|
155
155
|
</div>
|
|
156
156
|
|
|
157
157
|
</div>
|
|
@@ -772,9 +772,9 @@
|
|
|
772
772
|
</div>
|
|
773
773
|
|
|
774
774
|
<div id="footer">
|
|
775
|
-
Generated on
|
|
775
|
+
Generated on Wed Jul 31 20:54:45 2019 by
|
|
776
776
|
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
|
|
777
|
-
0.9.20 (ruby-2.6.
|
|
777
|
+
0.9.20 (ruby-2.6.0).
|
|
778
778
|
</div>
|
|
779
779
|
|
|
780
780
|
</div>
|
data/docs/yard/Version.html
CHANGED
|
@@ -116,9 +116,9 @@
|
|
|
116
116
|
</div>
|
|
117
117
|
|
|
118
118
|
<div id="footer">
|
|
119
|
-
Generated on
|
|
119
|
+
Generated on Wed Jul 31 20:54:45 2019 by
|
|
120
120
|
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
|
|
121
|
-
0.9.20 (ruby-2.6.
|
|
121
|
+
0.9.20 (ruby-2.6.0).
|
|
122
122
|
</div>
|
|
123
123
|
|
|
124
124
|
</div>
|
data/docs/yard/_index.html
CHANGED
|
@@ -128,9 +128,9 @@
|
|
|
128
128
|
</div>
|
|
129
129
|
|
|
130
130
|
<div id="footer">
|
|
131
|
-
Generated on
|
|
131
|
+
Generated on Wed Jul 31 20:54:45 2019 by
|
|
132
132
|
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
|
|
133
|
-
0.9.20 (ruby-2.6.
|
|
133
|
+
0.9.20 (ruby-2.6.0).
|
|
134
134
|
</div>
|
|
135
135
|
|
|
136
136
|
</div>
|
data/docs/yard/file.LICENSE.html
CHANGED
|
@@ -60,9 +60,9 @@
|
|
|
60
60
|
<div id="content"><div id='filecontents'>The MIT License (MIT)<br/><br/>Copyright (c) 2019 Alexandre ZANNI<br/><br/>Permission is hereby granted, free of charge, to any person obtaining a copy<br/>of this software and associated documentation files (the "Software"), to deal<br/>in the Software without restriction, including without limitation the rights<br/>to use, copy, modify, merge, publish, distribute, sublicense, and/or sell<br/>copies of the Software, and to permit persons to whom the Software is<br/>furnished to do so, subject to the following conditions:<br/><br/>The above copyright notice and this permission notice shall be included in<br/>all copies or substantial portions of the Software.<br/><br/>THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR<br/>IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,<br/>FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE<br/>AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER<br/>LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,<br/>OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN<br/>THE SOFTWARE.</div></div>
|
|
61
61
|
|
|
62
62
|
<div id="footer">
|
|
63
|
-
Generated on
|
|
63
|
+
Generated on Wed Jul 31 20:54:45 2019 by
|
|
64
64
|
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
|
|
65
|
-
0.9.20 (ruby-2.6.
|
|
65
|
+
0.9.20 (ruby-2.6.0).
|
|
66
66
|
</div>
|
|
67
67
|
|
|
68
68
|
</div>
|
data/docs/yard/file.README.html
CHANGED
|
@@ -57,51 +57,31 @@
|
|
|
57
57
|
<div class="clear"></div>
|
|
58
58
|
</div>
|
|
59
59
|
|
|
60
|
-
<div id="content"><div id='filecontents'><h1>RABID
|
|
61
|
-
|
|
62
|
-
<
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
...',,,,,,,,,,,,,,,,,,,,,,,,,,,,,'',,,'..;okXWd.',,,,,,,,,,,,,.
|
|
80
|
-
.','..'''',,,,,,,,,,,,,,,,,,,,,,,,'..;lONMMMNl.',,,,,,,,,',,,..
|
|
81
|
-
.''..'....,,,,,,,,,,,,,,,,',,'...'cxXWMMMMMO..'',,,,,,,,,,,,'.
|
|
82
|
-
.''.,O0xl;'..'',,',,,,,,,,''..,okKWWWMMMWWO, .,',,,,,,,,,,,,,'.
|
|
83
|
-
.,..dWWMWKko:,..'',,,,,'..':kNWWWWWWWWWKo'..',,,,,,,,,,,,','.
|
|
84
|
-
.',',dNMMMMWWXOc..',,,,'..;dOKXNNWWNXOo,..',,',,,,,,,,,,,,'.
|
|
85
|
-
.,,'';oOKNNX0x:..,,,,,,,'...',;;:::;'.',,,,,,,,,,,,',,','.
|
|
86
|
-
..,,,'..,::;,'',,,,,,,,,'',,,''''.''',,,,,,,,,,,,,,,,,,'.
|
|
87
|
-
..,,,,,,,,''',,,,,,,,,'....,;::c:,'...',,,,,',,'',,,,'.
|
|
88
|
-
.',,,,,,',,,,,,''',;:coxOKNWWMWNKk:...,,,,,',,,,,,'.
|
|
89
|
-
.'',,,,,,,,'.,coOXNWWMMMW0xddk0K0x. .',',,,,,,,'..
|
|
90
|
-
..',',,'';lxKWMWNX0OkkkxdokOddoc,. .,,,,,,,,'.
|
|
91
|
-
..',,'.oNWNK00OOOO0KNNWMMWWWMWXk'.',,,,,,'.
|
|
92
|
-
..',.'xNNXXXXK00OOkkkkkkkxxxd:'.',,,,'..
|
|
93
|
-
...;dolc:;,,''...........'',,,''..
|
|
94
|
-
....'',,,,,,,,,,,,,,,,'''...
|
|
95
|
-
..................
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
</code></pre>
|
|
60
|
+
<div id="content"><div id='filecontents'><h1>RABID</h1>
|
|
61
|
+
|
|
62
|
+
<p><img src="https://orange-cyberdefense.github.io/rabid/_media/logo.png" alt=""></p>
|
|
63
|
+
|
|
64
|
+
<blockquote>
|
|
65
|
+
<p><strong>RA</strong>pid <strong>B</strong>ig <strong>I</strong>P <strong>D</strong>ecoder</p>
|
|
66
|
+
</blockquote>
|
|
67
|
+
|
|
68
|
+
<h2>What it is</h2>
|
|
69
|
+
|
|
70
|
+
<p>A CLI tool and library allowing to simply decode all kind of BigIP cookies.</p>
|
|
71
|
+
|
|
72
|
+
<h2>Features</h2>
|
|
73
|
+
|
|
74
|
+
<ul>
|
|
75
|
+
<li>Support all 4 cookie formats</li>
|
|
76
|
+
<li>CLI tool & library</li>
|
|
77
|
+
<li>Hackable</li>
|
|
78
|
+
</ul>
|
|
99
79
|
</div></div>
|
|
100
80
|
|
|
101
81
|
<div id="footer">
|
|
102
|
-
Generated on
|
|
82
|
+
Generated on Wed Jul 31 20:54:45 2019 by
|
|
103
83
|
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
|
|
104
|
-
0.9.20 (ruby-2.6.
|
|
84
|
+
0.9.20 (ruby-2.6.0).
|
|
105
85
|
</div>
|
|
106
86
|
|
|
107
87
|
</div>
|
data/docs/yard/index.html
CHANGED
|
@@ -57,51 +57,31 @@
|
|
|
57
57
|
<div class="clear"></div>
|
|
58
58
|
</div>
|
|
59
59
|
|
|
60
|
-
<div id="content"><div id='filecontents'><h1>RABID
|
|
61
|
-
|
|
62
|
-
<
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
...',,,,,,,,,,,,,,,,,,,,,,,,,,,,,'',,,'..;okXWd.',,,,,,,,,,,,,.
|
|
80
|
-
.','..'''',,,,,,,,,,,,,,,,,,,,,,,,'..;lONMMMNl.',,,,,,,,,',,,..
|
|
81
|
-
.''..'....,,,,,,,,,,,,,,,,',,'...'cxXWMMMMMO..'',,,,,,,,,,,,'.
|
|
82
|
-
.''.,O0xl;'..'',,',,,,,,,,''..,okKWWWMMMWWO, .,',,,,,,,,,,,,,'.
|
|
83
|
-
.,..dWWMWKko:,..'',,,,,'..':kNWWWWWWWWWKo'..',,,,,,,,,,,,','.
|
|
84
|
-
.',',dNMMMMWWXOc..',,,,'..;dOKXNNWWNXOo,..',,',,,,,,,,,,,,'.
|
|
85
|
-
.,,'';oOKNNX0x:..,,,,,,,'...',;;:::;'.',,,,,,,,,,,,',,','.
|
|
86
|
-
..,,,'..,::;,'',,,,,,,,,'',,,''''.''',,,,,,,,,,,,,,,,,,'.
|
|
87
|
-
..,,,,,,,,''',,,,,,,,,'....,;::c:,'...',,,,,',,'',,,,'.
|
|
88
|
-
.',,,,,,',,,,,,''',;:coxOKNWWMWNKk:...,,,,,',,,,,,'.
|
|
89
|
-
.'',,,,,,,,'.,coOXNWWMMMW0xddk0K0x. .',',,,,,,,'..
|
|
90
|
-
..',',,'';lxKWMWNX0OkkkxdokOddoc,. .,,,,,,,,'.
|
|
91
|
-
..',,'.oNWNK00OOOO0KNNWMMWWWMWXk'.',,,,,,'.
|
|
92
|
-
..',.'xNNXXXXK00OOkkkkkkkxxxd:'.',,,,'..
|
|
93
|
-
...;dolc:;,,''...........'',,,''..
|
|
94
|
-
....'',,,,,,,,,,,,,,,,'''...
|
|
95
|
-
..................
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
</code></pre>
|
|
60
|
+
<div id="content"><div id='filecontents'><h1>RABID</h1>
|
|
61
|
+
|
|
62
|
+
<p><img src="https://orange-cyberdefense.github.io/rabid/_media/logo.png" alt=""></p>
|
|
63
|
+
|
|
64
|
+
<blockquote>
|
|
65
|
+
<p><strong>RA</strong>pid <strong>B</strong>ig <strong>I</strong>P <strong>D</strong>ecoder</p>
|
|
66
|
+
</blockquote>
|
|
67
|
+
|
|
68
|
+
<h2>What it is</h2>
|
|
69
|
+
|
|
70
|
+
<p>A CLI tool and library allowing to simply decode all kind of BigIP cookies.</p>
|
|
71
|
+
|
|
72
|
+
<h2>Features</h2>
|
|
73
|
+
|
|
74
|
+
<ul>
|
|
75
|
+
<li>Support all 4 cookie formats</li>
|
|
76
|
+
<li>CLI tool & library</li>
|
|
77
|
+
<li>Hackable</li>
|
|
78
|
+
</ul>
|
|
99
79
|
</div></div>
|
|
100
80
|
|
|
101
81
|
<div id="footer">
|
|
102
|
-
Generated on
|
|
82
|
+
Generated on Wed Jul 31 20:54:45 2019 by
|
|
103
83
|
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
|
|
104
|
-
0.9.20 (ruby-2.6.
|
|
84
|
+
0.9.20 (ruby-2.6.0).
|
|
105
85
|
</div>
|
|
106
86
|
|
|
107
87
|
</div>
|
|
@@ -102,9 +102,9 @@
|
|
|
102
102
|
</div>
|
|
103
103
|
|
|
104
104
|
<div id="footer">
|
|
105
|
-
Generated on
|
|
105
|
+
Generated on Wed Jul 31 20:54:45 2019 by
|
|
106
106
|
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
|
|
107
|
-
0.9.20 (ruby-2.6.
|
|
107
|
+
0.9.20 (ruby-2.6.0).
|
|
108
108
|
</div>
|
|
109
109
|
|
|
110
110
|
</div>
|
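--- a/data/lib/bigipcookie.rb
+++ b/data/lib/bigipcookie.rb
@@ -164,6 +164,10 @@ class BigIPCookie
 return "[#{ip}%#{id}]:#{port}"
 end
 
+def encrypted(cookie)
+return 'Unknown:Encrypted'
+end
+
 # Automatically detect the BigIP cookie type
 # @param cookie [String] raw cookie value
 # @return [Integer] detected cookie code (mapped with {decode_cookie})
@@ -181,6 +185,9 @@ class BigIPCookie
 ## IPv6 pool members in non-default route domains
 return 601 if /rd([0-9]+)o([0-9a-zA-Z]{32})o([0-9]{1,5})/.match?(cookie)
 
+## Encrypted
+return 999 if /!(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?/.match?(cookie)
+
 raise 'Unrecognized cookie'
 end
 
@@ -202,6 +209,9 @@ class BigIPCookie
 elsif number == 601
 @cookie_type = 'IPv6 pool members in non-default route domains'
 ipv6_pm_ndrd(cookie, opts)
+elsif number == 999
+@cookie_type = 'Encrypted'
+encrypted(cookie)
 else
 raise "Wrong cookie type numer: #{number}"
 end
@@ -241,6 +251,6 @@ class BigIPCookie
 
 private :retrieve_pool_name, :decode_cookie, :detect_cookie_type,
 :ipv6_pm_ndrd, :ipv6_pm, :ipv4_pm_ndrd, :ipv4_pm, :decode_port,
-:decode_ip
+:decode_ip, :encrypted
 end
 end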
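Review bot: The `## Encrypted` pattern added to `detect_cookie_type` is unanchored and everything after `!` is optional (`*` and `?`), so any otherwise unrecognized string that contains a `!` returns 999 instead of reaching `raise 'Unrecognized cookie'`, and malformed input is reported with `cookie_type` 'Encrypted'. Requiring at least one base64 group and anchoring the end would tighten it, e.g. `return 999 if /!(?:[A-Za-z0-9+\/]{4})+(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?\z/.match?(cookie)`; that form still matches the sample value in `test_encrypted`, but check it against F5's published format first. The new `encrypted` method also ignores its `cookie` argument and has no YARD comment, unlike `detect_cookie_type` just below it. `detect_cookie_type` and `decode_cookie` both begin outside their hunks, so the earlier branches are not visible here.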
data/lib/bigipcookie/version.rb
CHANGED
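--- a/data/test/test_bigipcookie.rb
+++ b/data/test/test_bigipcookie.rb
@@ -51,4 +51,15 @@ class BigIPCookieTest < Minitest::Test
 # Cookie type
 assert_equal('IPv6 pool members in non-default route domains', bip.cookie_type)
 end
+
+def test_encrypted
+bip = BigIPCookie::Decode.new('BIGipServerhttp-pool=!LHmYFDA0qZyj4NoylBEaDn0/k2wesiGt0ANZhWaAohjULoWFXRc1b/yfibypy1qfBzD51kqvmwzfcy4=')
+bip.auto_decode
+# Decoded cookie
+assert_equal('Unknown:Encrypted', bip.decoded_cookie)
+# Pool name
+assert_equal('http-pool', bip.pool_name)
+# Cookie type
+assert_equal('Encrypted', bip.cookie_type)
+end
 end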
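Review bot: `test_encrypted` covers only a well-formed value, so nothing pins what happens when the text after `!` is not valid base64. A negative case such as `assert_raises(RuntimeError) { BigIPCookie::Decode.new('BIGipServerhttp-pool=!').auto_decode }` would document the expected rejection; with the detection pattern as written in `lib/bigipcookie.rb` it would presumably fail, since a bare `!` already satisfies that pattern. The enclosing class `BigIPCookieTest` starts outside the hunk.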
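--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rabid
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.2
 platform: ruby
 authors:
 - Alexandre ZANNI
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-
+date: 2019-10-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: docopt
@@ -168,7 +168,6 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
-- bigipcookie.gemspec
 - bin/rabid
 - bin/rabid_console
 - bin/rabid_setup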
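--- a/data/bigipcookie.gemspec
+++ b/data/bigipcookie.gemspec
@@ -1,49 +0,0 @@
-# frozen_string_literal: true
-
-lib = File.expand_path('lib', __dir__)
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'bigipcookie/version'
-
-Gem::Specification.new do |s|
-s.name = 'rabid'
-s.version = Version::VERSION
-s.platform = Gem::Platform::RUBY
-s.date = '2019-07-16'
-s.summary = 'RApid Big IP Decoder'
-s.description = 'A library and CLI tool allowing to decode all 4 types'\
-' of BigIP cookies'
-s.authors = ['Alexandre ZANNI']
-s.email = 'alexandre.zanni@engineer.com'
-s.homepage = 'https://orange-cyberdefense.github.io/rabid/'
-s.license = 'MIT'
-
-s.files = `git ls-files`.split("\n")
-s.executables = `git ls-files -- bin/*`.split("\n").map { |f|
-File.basename(f)
-}
-s.test_files = s.files.grep(%r{^(test)/})
-s.require_paths = ['lib']
-
-s.metadata = {
-'yard.run' => 'yard',
-'bug_tracker_uri' => 'https://github.com/Orange-Cyberdefense/rabid/issues',
-'changelog_uri' => 'https://github.com/Orange-Cyberdefense/rabid/blob/master/docs/CHANGELOG.md',
-'documentation_uri' => 'https://orange-cyberdefense.github.io/rabid/',
-'homepage_uri' => 'https://orange-cyberdefense.github.io/rabid/',
-'source_code_uri' => 'https://github.com/Orange-Cyberdefense/rabid/',
-}
-
-s.required_ruby_version = '~> 2.4'
-
-s.add_runtime_dependency('docopt', '~> 0.6') # for argument parsing
-s.add_runtime_dependency('paint', '~> 2.1') # for colorized ouput
-
-s.add_development_dependency('bundler', '~> 2.0')
-s.add_development_dependency('commonmarker', '~> 0.18') # for GMF support in YARD
-s.add_development_dependency('github-markup', '~> 3.0') # for GMF support in YARD
-s.add_development_dependency('minitest', '~> 5.11')
-s.add_development_dependency('rake', '~> 12.3')
-s.add_development_dependency('redcarpet', '~> 3.4') # for GMF support in YARD
-s.add_development_dependency('rubocop', '~> 0.63')
-s.add_development_dependency('yard', '~> 0.9')
-end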