rabid 0.0.1 → 0.0.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/Gemfile.lock +3 -3
- data/README.md +17 -1
- data/bin/rabid +1 -0
- data/docs/About.md +4 -2
- data/docs/CHANGELOG.md +9 -1
- data/docs/README.md +10 -0
- data/docs/pages/demo.md +1 -1
- data/docs/pages/documentation.md +1 -1
- data/docs/pages/install.md +32 -2
- data/docs/pages/usage.md +2 -1
- data/docs/why.md +16 -15
- data/docs/yard/BigIPCookie.html +2 -2
- data/docs/yard/BigIPCookie/Decode.html +2 -2
- data/docs/yard/Version.html +2 -2
- data/docs/yard/_index.html +2 -2
- data/docs/yard/file.LICENSE.html +2 -2
- data/docs/yard/file.README.html +21 -41
- data/docs/yard/index.html +21 -41
- data/docs/yard/top-level-namespace.html +2 -2
- data/lib/bigipcookie.rb +11 -1
- data/lib/bigipcookie/version.rb +1 -1
- data/test/test_bigipcookie.rb +11 -0
- metadata +2 -3
- data/bigipcookie.gemspec +0 -49
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: fae7432b49568b990acad185a4ed7ec696233c8d4902f3931b438b38eb50c647
|
|
4
|
+
data.tar.gz: 324c6c155ed5a61fb58ee8d5bfa98832a05e19c84e3eb33c59ca5964b3eeb74e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: aa28c428aae86fcc343b829d0d2c390e8693862a3e4e50551efec9cec51369161cba85c42d67af0d8fb58d67094bc9b41c637151eecc5c0948e69b7bc1058e1f
|
|
7
|
+
data.tar.gz: fd416c7f78da453f6ac63b1ba448f10e81a7f6110f74a162d877dc52fc1bef30e1526e2281bbd8b94c2e6d71a3beb4332eb7bdd670f03c79c97945bf93de2432
|
data/.gitignore
CHANGED
data/Gemfile.lock
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
rabid (0.0.
|
|
4
|
+
rabid (0.0.2)
|
|
5
5
|
docopt (~> 0.6)
|
|
6
6
|
paint (~> 2.1)
|
|
7
7
|
|
|
@@ -18,7 +18,7 @@ GEM
|
|
|
18
18
|
concurrent-ruby (~> 1.0)
|
|
19
19
|
jaro_winkler (1.5.3)
|
|
20
20
|
minitest (5.11.3)
|
|
21
|
-
paint (2.1.
|
|
21
|
+
paint (2.1.1)
|
|
22
22
|
parallel (1.17.0)
|
|
23
23
|
parser (2.6.3.0)
|
|
24
24
|
ast (~> 2.4.0)
|
|
@@ -53,4 +53,4 @@ DEPENDENCIES
|
|
|
53
53
|
yard (~> 0.9)
|
|
54
54
|
|
|
55
55
|
BUNDLED WITH
|
|
56
|
-
2.0.
|
|
56
|
+
2.0.2
|
data/README.md
CHANGED
|
@@ -1,5 +1,13 @@
|
|
|
1
1
|
# RABID
|
|
2
2
|
|
|
3
|
+
[](https://badge.fury.io/rb/rabid)
|
|
4
|
+
|
|
5
|
+
[](https://github.com/Orange-Cyberdefense/rabid/network)
|
|
6
|
+
[](https://github.com/Orange-Cyberdefense/rabid/stargazers)
|
|
7
|
+
[](https://github.com/Orange-Cyberdefense/rabid/blob/master/LICENSE.txt)
|
|
8
|
+
|
|
9
|
+
[](https://repology.org/project/rabid/versions)
|
|
10
|
+
|
|
3
11
|
|
|
4
12
|
|
|
5
13
|
> **RA**pid **B**ig **I**P **D**ecoder
|
|
@@ -12,4 +20,12 @@ A CLI tool and library allowing to simply decode all kind of BigIP cookies.
|
|
|
12
20
|
|
|
13
21
|
- Support all 4 cookie formats
|
|
14
22
|
- CLI tool & library
|
|
15
|
-
- Hackable
|
|
23
|
+
- Hackable
|
|
24
|
+
|
|
25
|
+
## References
|
|
26
|
+
|
|
27
|
+
Homepage / Documentation: https://orange-cyberdefense.github.io/rabid/
|
|
28
|
+
|
|
29
|
+
## Author
|
|
30
|
+
|
|
31
|
+
Made by Alexandre ZANNI ([@noraj](https://github.com/noraj)), pentester from Orange Cyberdefense.
|
data/bin/rabid
CHANGED
|
@@ -30,6 +30,7 @@ doc = <<~DOCOPT
|
|
|
30
30
|
rabid 'rd5o00000000000000000000ffffc0000201o80'
|
|
31
31
|
rabid 'CustomeCookieName=vi20010112000000000000000000000030.20480' --ipv6-long-format
|
|
32
32
|
rabid 'BIGipServer~SuperPool=rd3o20010112000000000000000000000030o80' --debug
|
|
33
|
+
rabid 'BIGipServerhttp-pool=!LHmYFDA0qZyj4NoylBEaDn0/k2wesiGt0ANZhWaAohjULoWFXRc1b/yfibypy1qfBzD51kqvmwzfcy4='
|
|
33
34
|
DOCOPT
|
|
34
35
|
|
|
35
36
|
begin
|
data/docs/About.md
CHANGED
|
@@ -2,10 +2,12 @@
|
|
|
2
2
|
|
|
3
3
|
# References
|
|
4
4
|
|
|
5
|
-
BigIP cookie decoding is done following the official
|
|
5
|
+
BigIP cookie decoding is done following the official method provided by F5: https://support.f5.com/csp/article/K6917
|
|
6
6
|
|
|
7
7
|
IPv6 URL format try to respect RFC2732: https://tools.ietf.org/html/rfc2732
|
|
8
8
|
|
|
9
|
+
Encrypted cookie format is detected from the example given by F5: https://support.f5.com/csp/article/K23254150
|
|
10
|
+
|
|
9
11
|
## Logo
|
|
10
12
|
|
|
11
|
-
Logo made with [DesignEvo](https://www.designevo.com).
|
|
13
|
+
Logo made with [DesignEvo](https://www.designevo.com).
|
data/docs/CHANGELOG.md
CHANGED
data/docs/README.md
CHANGED
|
@@ -1,5 +1,11 @@
|
|
|
1
1
|
# RABID
|
|
2
2
|
|
|
3
|
+
[](https://badge.fury.io/rb/rabid)
|
|
4
|
+
|
|
5
|
+
[](https://github.com/Orange-Cyberdefense/rabid/network)
|
|
6
|
+
[](https://github.com/Orange-Cyberdefense/rabid/stargazers)
|
|
7
|
+
[](https://github.com/Orange-Cyberdefense/rabid/blob/master/LICENSE.txt)
|
|
8
|
+
|
|
3
9
|
> **RA**pid **B**ig **I**P **D**ecoder
|
|
4
10
|
|
|
5
11
|
## What it is
|
|
@@ -11,3 +17,7 @@ A CLI tool and library allowing to simply decode all kind of BigIP cookies.
|
|
|
11
17
|
- Support all 4 cookie formats
|
|
12
18
|
- CLI tool & library
|
|
13
19
|
- Hackable
|
|
20
|
+
|
|
21
|
+
## Author
|
|
22
|
+
|
|
23
|
+
Made by Alexandre ZANNI ([@noraj](https://github.com/noraj)), pentester from Orange Cyberdefense.
|
data/docs/pages/demo.md
CHANGED
data/docs/pages/documentation.md
CHANGED
|
@@ -15,7 +15,7 @@ $ docsify serve docs
|
|
|
15
15
|
|
|
16
16
|
The output directory of the library documentation will be `docs/yard`.
|
|
17
17
|
|
|
18
|
-
You can consult it online [here](rabid/yard/).
|
|
18
|
+
You can consult it online [here](https://orange-cyberdefense.github.io/rabid/yard/).
|
|
19
19
|
|
|
20
20
|
### Building locally: for library users
|
|
21
21
|
|
data/docs/pages/install.md
CHANGED
|
@@ -8,12 +8,42 @@
|
|
|
8
8
|
$ gem install rabid
|
|
9
9
|
```
|
|
10
10
|
|
|
11
|
+
Gem: [rabid](https://rubygems.org/gems/rabid)
|
|
12
|
+
|
|
11
13
|
### Install from BlackArch
|
|
12
14
|
|
|
15
|
+
From the repository:
|
|
16
|
+
|
|
13
17
|
```
|
|
14
18
|
# pacman -S rabid
|
|
15
19
|
```
|
|
16
20
|
|
|
21
|
+
From git:
|
|
22
|
+
|
|
23
|
+
```
|
|
24
|
+
# blackman -i rabid
|
|
25
|
+
```
|
|
26
|
+
|
|
27
|
+
PKGBUILD: [rabid](https://github.com/BlackArch/blackarch/blob/master/packages/rabid/PKGBUILD)
|
|
28
|
+
|
|
29
|
+
### Install from ArchLinux
|
|
30
|
+
|
|
31
|
+
Manually:
|
|
32
|
+
|
|
33
|
+
```
|
|
34
|
+
$ git clone https://aur.archlinux.org/rabid.git
|
|
35
|
+
$ cd rabid
|
|
36
|
+
$ makepkg -sic
|
|
37
|
+
```
|
|
38
|
+
|
|
39
|
+
With an AUR helper ([Pacman wrappers](https://wiki.archlinux.org/index.php/AUR_helpers#Pacman_wrappers)), eg. pikaur:
|
|
40
|
+
|
|
41
|
+
```
|
|
42
|
+
$ pikaur -S rabid
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
AUR: [rabid](https://aur.archlinux.org/packages/rabid/)
|
|
46
|
+
|
|
17
47
|
## Development
|
|
18
48
|
|
|
19
49
|
It's better to use [rbenv](https://github.com/rbenv/rbenv) to have latests version of ruby and to avoid trashing your system ruby.
|
|
@@ -29,11 +59,11 @@ $ gem install --development rabid
|
|
|
29
59
|
Just replace `x.x.x` with the gem version you see after `gem build`.
|
|
30
60
|
|
|
31
61
|
```
|
|
32
|
-
$ git clone https://
|
|
62
|
+
$ git clone https://github.com/Orange-Cyberdefense/rabid.git rabid
|
|
33
63
|
$ cd rabid
|
|
34
64
|
$ gem install bundler
|
|
35
65
|
$ bundler install
|
|
36
|
-
$ gem build
|
|
66
|
+
$ gem build bigipcookie.gemspec
|
|
37
67
|
$ gem install rabid-x.x.x.gem
|
|
38
68
|
```
|
|
39
69
|
|
data/docs/pages/usage.md
CHANGED
|
@@ -24,6 +24,7 @@ Examples:
|
|
|
24
24
|
rabid 'rd5o00000000000000000000ffffc0000201o80'
|
|
25
25
|
rabid 'CustomeCookieName=vi20010112000000000000000000000030.20480' --ipv6-long-format
|
|
26
26
|
rabid 'BIGipServer~SuperPool=rd3o20010112000000000000000000000030o80' --debug
|
|
27
|
+
rabid 'BIGipServerhttp-pool=!LHmYFDA0qZyj4NoylBEaDn0/k2wesiGt0ANZhWaAohjULoWFXRc1b/yfibypy1qfBzD51kqvmwzfcy4='
|
|
27
28
|
```
|
|
28
29
|
|
|
29
30
|
## Library
|
|
@@ -50,4 +51,4 @@ Launch `irb` with the library loaded.
|
|
|
50
51
|
```
|
|
51
52
|
$ rabid_console
|
|
52
53
|
irb(main):001:0>
|
|
53
|
-
```
|
|
54
|
+
```
|
data/docs/why.md
CHANGED
|
@@ -6,21 +6,21 @@ Most of those tools provide only a CLI interface (no library) so it is getting h
|
|
|
6
6
|
|
|
7
7
|
Most of those tools only decode *IPv4 pool members*, no *IPv4 pool members in non-default route domains*, *IPv6 pool members* or *IPv6 pool members in non-default route domains*.
|
|
8
8
|
|
|
9
|
-
Name | IPv4 | IPv4 ndrd | IPv6 | IPv6 ndrd | CLI | Library | Online | Notes
|
|
10
|
-
|
|
11
|
-
RABID | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :x: |
|
|
12
|
-
[psmet/BIGip-cookie-decoder][1] | :heavy_check_mark: | :x: | :x: | :x: | :heavy_check_mark: | :x: | :x: |
|
|
13
|
-
[f5-cookie-encode-decode][2] | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: | :heavy_check_mark: |
|
|
14
|
-
[bigip-cookie-decoder][3] | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | Google Chrome plugin, only on live targets
|
|
15
|
-
[big-ip-encoder-decoder][4] | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: | :heavy_check_mark: |
|
|
16
|
-
[DarkLighting/bigip-cookie-decoder][5] | :heavy_check_mark: | :x: | :x: | :x: | :heavy_check_mark: | :x: | :x: |
|
|
17
|
-
[vanshit/BigIP-Cookie-Decoder][6] | :heavy_check_mark: | :x: | :x: | :x: | :heavy_check_mark: | :x: | :x: |
|
|
18
|
-
[evict/BIG-IP-Cookie-decoding][7] | :x: | :heavy_check_mark: | :x: | :x: | :heavy_check_mark: | :x: | :x: |
|
|
19
|
-
[MooseDojo/BigCookie][8] | :heavy_check_mark: | :x: | :x: | :x: | :heavy_check_mark: | :x: | :x: |
|
|
20
|
-
[ezelf/f5_cookieLeaks][9] | :heavy_check_mark: | :x: | :x: | :x: | :heavy_check_mark: | :x: | :x: | only on live targets
|
|
21
|
-
[drwetter/F5-BIGIP-Decoder][10] | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :x: | :x: |
|
|
22
|
-
[f5_bigip_cookie_disclosure][11] (msf) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :o: | :o: | :x: | only on live targets
|
|
23
|
-
[http-bigip-cookie][12] (nse) | :heavy_check_mark: | :x: | :x: | :x: | :heavy_check_mark: | :x: | :x: | only on live targets
|
|
9
|
+
Name | IPv4 | IPv4 ndrd | IPv6 | IPv6 ndrd | Enc :closed_lock_with_key: | CLI | Library | Online | Notes
|
|
10
|
+
---------------------------------------|--------------------|--------------------|--------------------|--------------------|----------------------------|--------------------|--------------------|--------------------|-------------------------------------------
|
|
11
|
+
RABID | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :x: |
|
|
12
|
+
[psmet/BIGip-cookie-decoder][1] | :heavy_check_mark: | :x: | :x: | :x: | :x: | :heavy_check_mark: | :x: | :x: |
|
|
13
|
+
[f5-cookie-encode-decode][2] | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :heavy_check_mark: |
|
|
14
|
+
[bigip-cookie-decoder][3] | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | Google Chrome plugin, only on live targets
|
|
15
|
+
[big-ip-encoder-decoder][4] | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :heavy_check_mark: |
|
|
16
|
+
[DarkLighting/bigip-cookie-decoder][5] | :heavy_check_mark: | :x: | :x: | :x: | :x: | :heavy_check_mark: | :x: | :x: |
|
|
17
|
+
[vanshit/BigIP-Cookie-Decoder][6] | :heavy_check_mark: | :x: | :x: | :x: | :x: | :heavy_check_mark: | :x: | :x: |
|
|
18
|
+
[evict/BIG-IP-Cookie-decoding][7] | :x: | :heavy_check_mark: | :x: | :x: | :x: | :heavy_check_mark: | :x: | :x: |
|
|
19
|
+
[MooseDojo/BigCookie][8] | :heavy_check_mark: | :x: | :x: | :x: | :x: | :heavy_check_mark: | :x: | :x: |
|
|
20
|
+
[ezelf/f5_cookieLeaks][9] | :heavy_check_mark: | :x: | :x: | :x: | :x: | :heavy_check_mark: | :x: | :x: | only on live targets
|
|
21
|
+
[drwetter/F5-BIGIP-Decoder][10] | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :x: | :x: |
|
|
22
|
+
[f5_bigip_cookie_disclosure][11] (msf) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :x: | :o: | :o: | :x: | only on live targets
|
|
23
|
+
[http-bigip-cookie][12] (nse) | :heavy_check_mark: | :x: | :x: | :x: | :x: | :heavy_check_mark: | :x: | :x: | only on live targets
|
|
24
24
|
|
|
25
25
|
Legend:
|
|
26
26
|
|
|
@@ -28,6 +28,7 @@ Legend:
|
|
|
28
28
|
- IPv4 ndrd: IPv4 pool members in non-default route domains
|
|
29
29
|
- IPv6: IPv6 pool members
|
|
30
30
|
- IPv6 ndrd: IPv6 pool members in non-default route domains
|
|
31
|
+
- Enc :closed_lock_with_key:: encrypted cookie detection
|
|
31
32
|
- :o:: partially
|
|
32
33
|
- msf: metasploit framework
|
|
33
34
|
- nse: nmap script engine
|
data/docs/yard/BigIPCookie.html
CHANGED
|
@@ -149,9 +149,9 @@
|
|
|
149
149
|
</div>
|
|
150
150
|
|
|
151
151
|
<div id="footer">
|
|
152
|
-
Generated on
|
|
152
|
+
Generated on Wed Jul 31 20:54:45 2019 by
|
|
153
153
|
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
|
|
154
|
-
0.9.20 (ruby-2.6.
|
|
154
|
+
0.9.20 (ruby-2.6.0).
|
|
155
155
|
</div>
|
|
156
156
|
|
|
157
157
|
</div>
|
|
@@ -772,9 +772,9 @@
|
|
|
772
772
|
</div>
|
|
773
773
|
|
|
774
774
|
<div id="footer">
|
|
775
|
-
Generated on
|
|
775
|
+
Generated on Wed Jul 31 20:54:45 2019 by
|
|
776
776
|
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
|
|
777
|
-
0.9.20 (ruby-2.6.
|
|
777
|
+
0.9.20 (ruby-2.6.0).
|
|
778
778
|
</div>
|
|
779
779
|
|
|
780
780
|
</div>
|
data/docs/yard/Version.html
CHANGED
|
@@ -116,9 +116,9 @@
|
|
|
116
116
|
</div>
|
|
117
117
|
|
|
118
118
|
<div id="footer">
|
|
119
|
-
Generated on
|
|
119
|
+
Generated on Wed Jul 31 20:54:45 2019 by
|
|
120
120
|
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
|
|
121
|
-
0.9.20 (ruby-2.6.
|
|
121
|
+
0.9.20 (ruby-2.6.0).
|
|
122
122
|
</div>
|
|
123
123
|
|
|
124
124
|
</div>
|
data/docs/yard/_index.html
CHANGED
|
@@ -128,9 +128,9 @@
|
|
|
128
128
|
</div>
|
|
129
129
|
|
|
130
130
|
<div id="footer">
|
|
131
|
-
Generated on
|
|
131
|
+
Generated on Wed Jul 31 20:54:45 2019 by
|
|
132
132
|
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
|
|
133
|
-
0.9.20 (ruby-2.6.
|
|
133
|
+
0.9.20 (ruby-2.6.0).
|
|
134
134
|
</div>
|
|
135
135
|
|
|
136
136
|
</div>
|
data/docs/yard/file.LICENSE.html
CHANGED
|
@@ -60,9 +60,9 @@
|
|
|
60
60
|
<div id="content"><div id='filecontents'>The MIT License (MIT)<br/><br/>Copyright (c) 2019 Alexandre ZANNI<br/><br/>Permission is hereby granted, free of charge, to any person obtaining a copy<br/>of this software and associated documentation files (the "Software"), to deal<br/>in the Software without restriction, including without limitation the rights<br/>to use, copy, modify, merge, publish, distribute, sublicense, and/or sell<br/>copies of the Software, and to permit persons to whom the Software is<br/>furnished to do so, subject to the following conditions:<br/><br/>The above copyright notice and this permission notice shall be included in<br/>all copies or substantial portions of the Software.<br/><br/>THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR<br/>IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,<br/>FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE<br/>AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER<br/>LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,<br/>OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN<br/>THE SOFTWARE.</div></div>
|
|
61
61
|
|
|
62
62
|
<div id="footer">
|
|
63
|
-
Generated on
|
|
63
|
+
Generated on Wed Jul 31 20:54:45 2019 by
|
|
64
64
|
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
|
|
65
|
-
0.9.20 (ruby-2.6.
|
|
65
|
+
0.9.20 (ruby-2.6.0).
|
|
66
66
|
</div>
|
|
67
67
|
|
|
68
68
|
</div>
|
data/docs/yard/file.README.html
CHANGED
|
@@ -57,51 +57,31 @@
|
|
|
57
57
|
<div class="clear"></div>
|
|
58
58
|
</div>
|
|
59
59
|
|
|
60
|
-
<div id="content"><div id='filecontents'><h1>RABID
|
|
61
|
-
|
|
62
|
-
<
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
...',,,,,,,,,,,,,,,,,,,,,,,,,,,,,'',,,'..;okXWd.',,,,,,,,,,,,,.
|
|
80
|
-
.','..'''',,,,,,,,,,,,,,,,,,,,,,,,'..;lONMMMNl.',,,,,,,,,',,,..
|
|
81
|
-
.''..'....,,,,,,,,,,,,,,,,',,'...'cxXWMMMMMO..'',,,,,,,,,,,,'.
|
|
82
|
-
.''.,O0xl;'..'',,',,,,,,,,''..,okKWWWMMMWWO, .,',,,,,,,,,,,,,'.
|
|
83
|
-
.,..dWWMWKko:,..'',,,,,'..':kNWWWWWWWWWKo'..',,,,,,,,,,,,','.
|
|
84
|
-
.',',dNMMMMWWXOc..',,,,'..;dOKXNNWWNXOo,..',,',,,,,,,,,,,,'.
|
|
85
|
-
.,,'';oOKNNX0x:..,,,,,,,'...',;;:::;'.',,,,,,,,,,,,',,','.
|
|
86
|
-
..,,,'..,::;,'',,,,,,,,,'',,,''''.''',,,,,,,,,,,,,,,,,,'.
|
|
87
|
-
..,,,,,,,,''',,,,,,,,,'....,;::c:,'...',,,,,',,'',,,,'.
|
|
88
|
-
.',,,,,,',,,,,,''',;:coxOKNWWMWNKk:...,,,,,',,,,,,'.
|
|
89
|
-
.'',,,,,,,,'.,coOXNWWMMMW0xddk0K0x. .',',,,,,,,'..
|
|
90
|
-
..',',,'';lxKWMWNX0OkkkxdokOddoc,. .,,,,,,,,'.
|
|
91
|
-
..',,'.oNWNK00OOOO0KNNWMMWWWMWXk'.',,,,,,'.
|
|
92
|
-
..',.'xNNXXXXK00OOkkkkkkkxxxd:'.',,,,'..
|
|
93
|
-
...;dolc:;,,''...........'',,,''..
|
|
94
|
-
....'',,,,,,,,,,,,,,,,'''...
|
|
95
|
-
..................
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
</code></pre>
|
|
60
|
+
<div id="content"><div id='filecontents'><h1>RABID</h1>
|
|
61
|
+
|
|
62
|
+
<p><img src="https://orange-cyberdefense.github.io/rabid/_media/logo.png" alt=""></p>
|
|
63
|
+
|
|
64
|
+
<blockquote>
|
|
65
|
+
<p><strong>RA</strong>pid <strong>B</strong>ig <strong>I</strong>P <strong>D</strong>ecoder</p>
|
|
66
|
+
</blockquote>
|
|
67
|
+
|
|
68
|
+
<h2>What it is</h2>
|
|
69
|
+
|
|
70
|
+
<p>A CLI tool and library allowing to simply decode all kind of BigIP cookies.</p>
|
|
71
|
+
|
|
72
|
+
<h2>Features</h2>
|
|
73
|
+
|
|
74
|
+
<ul>
|
|
75
|
+
<li>Support all 4 cookie formats</li>
|
|
76
|
+
<li>CLI tool & library</li>
|
|
77
|
+
<li>Hackable</li>
|
|
78
|
+
</ul>
|
|
99
79
|
</div></div>
|
|
100
80
|
|
|
101
81
|
<div id="footer">
|
|
102
|
-
Generated on
|
|
82
|
+
Generated on Wed Jul 31 20:54:45 2019 by
|
|
103
83
|
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
|
|
104
|
-
0.9.20 (ruby-2.6.
|
|
84
|
+
0.9.20 (ruby-2.6.0).
|
|
105
85
|
</div>
|
|
106
86
|
|
|
107
87
|
</div>
|
data/docs/yard/index.html
CHANGED
|
@@ -57,51 +57,31 @@
|
|
|
57
57
|
<div class="clear"></div>
|
|
58
58
|
</div>
|
|
59
59
|
|
|
60
|
-
<div id="content"><div id='filecontents'><h1>RABID
|
|
61
|
-
|
|
62
|
-
<
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
...',,,,,,,,,,,,,,,,,,,,,,,,,,,,,'',,,'..;okXWd.',,,,,,,,,,,,,.
|
|
80
|
-
.','..'''',,,,,,,,,,,,,,,,,,,,,,,,'..;lONMMMNl.',,,,,,,,,',,,..
|
|
81
|
-
.''..'....,,,,,,,,,,,,,,,,',,'...'cxXWMMMMMO..'',,,,,,,,,,,,'.
|
|
82
|
-
.''.,O0xl;'..'',,',,,,,,,,''..,okKWWWMMMWWO, .,',,,,,,,,,,,,,'.
|
|
83
|
-
.,..dWWMWKko:,..'',,,,,'..':kNWWWWWWWWWKo'..',,,,,,,,,,,,','.
|
|
84
|
-
.',',dNMMMMWWXOc..',,,,'..;dOKXNNWWNXOo,..',,',,,,,,,,,,,,'.
|
|
85
|
-
.,,'';oOKNNX0x:..,,,,,,,'...',;;:::;'.',,,,,,,,,,,,',,','.
|
|
86
|
-
..,,,'..,::;,'',,,,,,,,,'',,,''''.''',,,,,,,,,,,,,,,,,,'.
|
|
87
|
-
..,,,,,,,,''',,,,,,,,,'....,;::c:,'...',,,,,',,'',,,,'.
|
|
88
|
-
.',,,,,,',,,,,,''',;:coxOKNWWMWNKk:...,,,,,',,,,,,'.
|
|
89
|
-
.'',,,,,,,,'.,coOXNWWMMMW0xddk0K0x. .',',,,,,,,'..
|
|
90
|
-
..',',,'';lxKWMWNX0OkkkxdokOddoc,. .,,,,,,,,'.
|
|
91
|
-
..',,'.oNWNK00OOOO0KNNWMMWWWMWXk'.',,,,,,'.
|
|
92
|
-
..',.'xNNXXXXK00OOkkkkkkkxxxd:'.',,,,'..
|
|
93
|
-
...;dolc:;,,''...........'',,,''..
|
|
94
|
-
....'',,,,,,,,,,,,,,,,'''...
|
|
95
|
-
..................
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
</code></pre>
|
|
60
|
+
<div id="content"><div id='filecontents'><h1>RABID</h1>
|
|
61
|
+
|
|
62
|
+
<p><img src="https://orange-cyberdefense.github.io/rabid/_media/logo.png" alt=""></p>
|
|
63
|
+
|
|
64
|
+
<blockquote>
|
|
65
|
+
<p><strong>RA</strong>pid <strong>B</strong>ig <strong>I</strong>P <strong>D</strong>ecoder</p>
|
|
66
|
+
</blockquote>
|
|
67
|
+
|
|
68
|
+
<h2>What it is</h2>
|
|
69
|
+
|
|
70
|
+
<p>A CLI tool and library allowing to simply decode all kind of BigIP cookies.</p>
|
|
71
|
+
|
|
72
|
+
<h2>Features</h2>
|
|
73
|
+
|
|
74
|
+
<ul>
|
|
75
|
+
<li>Support all 4 cookie formats</li>
|
|
76
|
+
<li>CLI tool & library</li>
|
|
77
|
+
<li>Hackable</li>
|
|
78
|
+
</ul>
|
|
99
79
|
</div></div>
|
|
100
80
|
|
|
101
81
|
<div id="footer">
|
|
102
|
-
Generated on
|
|
82
|
+
Generated on Wed Jul 31 20:54:45 2019 by
|
|
103
83
|
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
|
|
104
|
-
0.9.20 (ruby-2.6.
|
|
84
|
+
0.9.20 (ruby-2.6.0).
|
|
105
85
|
</div>
|
|
106
86
|
|
|
107
87
|
</div>
|
|
@@ -102,9 +102,9 @@
|
|
|
102
102
|
</div>
|
|
103
103
|
|
|
104
104
|
<div id="footer">
|
|
105
|
-
Generated on
|
|
105
|
+
Generated on Wed Jul 31 20:54:45 2019 by
|
|
106
106
|
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
|
|
107
|
-
0.9.20 (ruby-2.6.
|
|
107
|
+
0.9.20 (ruby-2.6.0).
|
|
108
108
|
</div>
|
|
109
109
|
|
|
110
110
|
</div>
|
data/lib/bigipcookie.rb
CHANGED
|
@@ -164,6 +164,10 @@ class BigIPCookie
|
|
|
164
164
|
return "[#{ip}%#{id}]:#{port}"
|
|
165
165
|
end
|
|
166
166
|
|
|
167
|
+
def encrypted(cookie)
|
|
168
|
+
return 'Unknown:Encrypted'
|
|
169
|
+
end
|
|
170
|
+
|
|
167
171
|
# Automatically detect the BigIP cookie type
|
|
168
172
|
# @param cookie [String] raw cookie value
|
|
169
173
|
# @return [Integer] detected cookie code (mapped with {decode_cookie})
|
|
@@ -181,6 +185,9 @@ class BigIPCookie
|
|
|
181
185
|
## IPv6 pool members in non-default route domains
|
|
182
186
|
return 601 if /rd([0-9]+)o([0-9a-zA-Z]{32})o([0-9]{1,5})/.match?(cookie)
|
|
183
187
|
|
|
188
|
+
## Encrypted
|
|
189
|
+
return 999 if /!(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?/.match?(cookie)
|
|
190
|
+
|
|
184
191
|
raise 'Unrecognized cookie'
|
|
185
192
|
end
|
|
186
193
|
|
|
@@ -202,6 +209,9 @@ class BigIPCookie
|
|
|
202
209
|
elsif number == 601
|
|
203
210
|
@cookie_type = 'IPv6 pool members in non-default route domains'
|
|
204
211
|
ipv6_pm_ndrd(cookie, opts)
|
|
212
|
+
elsif number == 999
|
|
213
|
+
@cookie_type = 'Encrypted'
|
|
214
|
+
encrypted(cookie)
|
|
205
215
|
else
|
|
206
216
|
raise "Wrong cookie type numer: #{number}"
|
|
207
217
|
end
|
|
@@ -241,6 +251,6 @@ class BigIPCookie
|
|
|
241
251
|
|
|
242
252
|
private :retrieve_pool_name, :decode_cookie, :detect_cookie_type,
|
|
243
253
|
:ipv6_pm_ndrd, :ipv6_pm, :ipv4_pm_ndrd, :ipv4_pm, :decode_port,
|
|
244
|
-
:decode_ip
|
|
254
|
+
:decode_ip, :encrypted
|
|
245
255
|
end
|
|
246
256
|
end
|
data/lib/bigipcookie/version.rb
CHANGED
data/test/test_bigipcookie.rb
CHANGED
|
@@ -51,4 +51,15 @@ class BigIPCookieTest < Minitest::Test
|
|
|
51
51
|
# Cookie type
|
|
52
52
|
assert_equal('IPv6 pool members in non-default route domains', bip.cookie_type)
|
|
53
53
|
end
|
|
54
|
+
|
|
55
|
+
def test_encrypted
|
|
56
|
+
bip = BigIPCookie::Decode.new('BIGipServerhttp-pool=!LHmYFDA0qZyj4NoylBEaDn0/k2wesiGt0ANZhWaAohjULoWFXRc1b/yfibypy1qfBzD51kqvmwzfcy4=')
|
|
57
|
+
bip.auto_decode
|
|
58
|
+
# Decoded cookie
|
|
59
|
+
assert_equal('Unknown:Encrypted', bip.decoded_cookie)
|
|
60
|
+
# Pool name
|
|
61
|
+
assert_equal('http-pool', bip.pool_name)
|
|
62
|
+
# Cookie type
|
|
63
|
+
assert_equal('Encrypted', bip.cookie_type)
|
|
64
|
+
end
|
|
54
65
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rabid
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Alexandre ZANNI
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-
|
|
11
|
+
date: 2019-10-03 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: docopt
|
|
@@ -168,7 +168,6 @@ files:
|
|
|
168
168
|
- LICENSE.txt
|
|
169
169
|
- README.md
|
|
170
170
|
- Rakefile
|
|
171
|
-
- bigipcookie.gemspec
|
|
172
171
|
- bin/rabid
|
|
173
172
|
- bin/rabid_console
|
|
174
173
|
- bin/rabid_setup
|
data/bigipcookie.gemspec
DELETED
|
@@ -1,49 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
lib = File.expand_path('lib', __dir__)
|
|
4
|
-
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
5
|
-
require 'bigipcookie/version'
|
|
6
|
-
|
|
7
|
-
Gem::Specification.new do |s|
|
|
8
|
-
s.name = 'rabid'
|
|
9
|
-
s.version = Version::VERSION
|
|
10
|
-
s.platform = Gem::Platform::RUBY
|
|
11
|
-
s.date = '2019-07-16'
|
|
12
|
-
s.summary = 'RApid Big IP Decoder'
|
|
13
|
-
s.description = 'A library and CLI tool allowing to decode all 4 types'\
|
|
14
|
-
' of BigIP cookies'
|
|
15
|
-
s.authors = ['Alexandre ZANNI']
|
|
16
|
-
s.email = 'alexandre.zanni@engineer.com'
|
|
17
|
-
s.homepage = 'https://orange-cyberdefense.github.io/rabid/'
|
|
18
|
-
s.license = 'MIT'
|
|
19
|
-
|
|
20
|
-
s.files = `git ls-files`.split("\n")
|
|
21
|
-
s.executables = `git ls-files -- bin/*`.split("\n").map { |f|
|
|
22
|
-
File.basename(f)
|
|
23
|
-
}
|
|
24
|
-
s.test_files = s.files.grep(%r{^(test)/})
|
|
25
|
-
s.require_paths = ['lib']
|
|
26
|
-
|
|
27
|
-
s.metadata = {
|
|
28
|
-
'yard.run' => 'yard',
|
|
29
|
-
'bug_tracker_uri' => 'https://github.com/Orange-Cyberdefense/rabid/issues',
|
|
30
|
-
'changelog_uri' => 'https://github.com/Orange-Cyberdefense/rabid/blob/master/docs/CHANGELOG.md',
|
|
31
|
-
'documentation_uri' => 'https://orange-cyberdefense.github.io/rabid/',
|
|
32
|
-
'homepage_uri' => 'https://orange-cyberdefense.github.io/rabid/',
|
|
33
|
-
'source_code_uri' => 'https://github.com/Orange-Cyberdefense/rabid/',
|
|
34
|
-
}
|
|
35
|
-
|
|
36
|
-
s.required_ruby_version = '~> 2.4'
|
|
37
|
-
|
|
38
|
-
s.add_runtime_dependency('docopt', '~> 0.6') # for argument parsing
|
|
39
|
-
s.add_runtime_dependency('paint', '~> 2.1') # for colorized ouput
|
|
40
|
-
|
|
41
|
-
s.add_development_dependency('bundler', '~> 2.0')
|
|
42
|
-
s.add_development_dependency('commonmarker', '~> 0.18') # for GMF support in YARD
|
|
43
|
-
s.add_development_dependency('github-markup', '~> 3.0') # for GMF support in YARD
|
|
44
|
-
s.add_development_dependency('minitest', '~> 5.11')
|
|
45
|
-
s.add_development_dependency('rake', '~> 12.3')
|
|
46
|
-
s.add_development_dependency('redcarpet', '~> 3.4') # for GMF support in YARD
|
|
47
|
-
s.add_development_dependency('rubocop', '~> 0.63')
|
|
48
|
-
s.add_development_dependency('yard', '~> 0.9')
|
|
49
|
-
end
|