f5-cookie-monster.ps1
###### BIG-IP COOKIE DECODER - 2015
# Based on original code for Getting Cookies Using Powershell
# https://gallery.technet.microsoft.com/scriptcenter/Getting-Cookies-using-3c373c7e
#
# Big-IP Decoding instructions found at
# https://support.f5.com/kb/en-us/solutions/public/6000/900/sol6917.html
# Mitigation: enable cookie encryption on the BIG-IP so the persistence cookie no longer exposes the pool member address
# Modified by Jabo
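# -url: the server to query; prompts interactively when it is not supplied.
param (
    [string]$url = $( Read-Host "Input server url, please" )
)

# Number of requests sent to $url (presumably so that several pool members
# get a chance to answer -- confirm against the intended use).
$attempts = 10

# Decoded "ip:port" strings collected across all attempts.
# Starts empty: seeding it with "" put a blank entry into the final results.
[array]$resultarray = @()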
function cookiemonster{
    # Writes the ASCII-art banner to the output stream.
    # The art sits in an expandable here-string and is kept exactly as written;
    # the closing "@ has to stay at the start of its line.
    $banner_art = @"
.---. .---.
: : o : me want cookie!
_..-: o : :-.._ /
.-'' ' ``---' ``---' " ``-.
.' " ' " . " . ' " ``.
: '.---.,,.,...,.,.,.,..---. ' ;
`. " ``. .' " .'
`. '``. .' ' .'
`. ``-._ _.-' " .' .----.
`. " '"--...--"' . ' .' .' o `.
.'`-._' " . " _.-'``. : o :
jgs .' ```--.....--''' ' `:_ o :
.' " ' " " ; ``.;";";";'
; ' " ' . ; .' ; ; ;
; ' ' ' " .' .-'
' " " ' " " _.-'
"@
    Write-Output $banner_art
}
######################### START HERE #########################
# $tempurl = read-host -prompt "Enter a URL to check: "
# if ( $tempurl ){ $url = $tempurl}
# Announce which URL is about to be queried, then print the banner.
$start_banner = "`n`n--------------------------------------------------------------`n`nTESTING $url`n`n--------------------------------------------------------------`n"
Write-Output $start_banner
cookiemonster
# SECURITY: the policy compiled below returns true from CheckValidationResult
# for every certificate, so certificate problems (untrusted issuer, name
# mismatch, expiry) are ignored on requests that go through
# ServicePointManager. CertificatePolicy is a static property: once set it
# stays in effect for the rest of this PowerShell session, not only for this
# script. Run the script in a throwaway session, and treat whatever it decodes
# as coming from an unauthenticated server.
$trust_all_source = @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
public bool CheckValidationResult(
ServicePoint srvPoint, X509Certificate certificate,
WebRequest request, int certificateProblem) {
return true;
}
}
"@
Add-Type -TypeDefinition $trust_all_source
[System.Net.ServicePointManager]::CertificatePolicy = New-Object -TypeName TrustAllCertsPolicy
foreach ($number in 1..$attempts){
# One request per attempt. -SessionVariable stores the session (including its
# cookie container) in $websession, which is where the cookies are read from.
$request_options = @{
    Uri             = $url
    SessionVariable = 'websession'
    UseBasicParsing = $true
    TimeoutSec      = 3
}
$webrequest = Invoke-WebRequest @request_options

# Cookies the session holds for this URL.
$cookies = $websession.Cookies.GetCookies($url)
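function COOKIE_MONSTER([string]$cookienom) {
    <#
    .SYNOPSIS
    Decodes an unencrypted BIG-IP persistence cookie value into "a.b.c.d:port".

    .DESCRIPTION
    The value is split on "." and its first two fields are read as decimal
    integers. Field 1 holds the IPv4 address and field 2 the port, each with
    its bytes in reversed order. Any further field is ignored.

    .PARAMETER cookienom
    The cookie value to decode.

    .OUTPUTS
    System.String in the form "a.b.c.d:port", or $null (after a warning) when
    the value does not start with two numeric fields, for example when the
    cookie is encrypted.
    #>

    # Split the cookie into its dot-separated fields.
    $cookie_crumble = $cookienom.Split(".")

    # The value comes from a remote server, so parse it strictly instead of
    # letting [convert] coerce arbitrary text into a number.
    $server_value = [uint32]0
    $port_value = [uint16]0
    $decodable = ($cookie_crumble.Count -ge 2) -and
        [uint32]::TryParse($cookie_crumble[0], [ref]$server_value) -and
        [uint16]::TryParse($cookie_crumble[1], [ref]$port_value)
    if (-not $decodable) {
        Write-Warning "Cookie value '$cookienom' is not in the plain <ip>.<port>.<unused> form; not decoded"
        return $null
    }

    ### IP ADDRESS
    # Fixed-width hex (8 digits) keeps the byte boundaries aligned. Without the
    # padding, a leading byte below 0x10 gave 7 digits and every pair shifted.
    $cookie_server_hex = $server_value.ToString('x8')
    $cookie_server_hex_array = $cookie_server_hex -split '(..)' | Where-Object { $_ }

    # The bytes are stored in reverse, so the last hex pair is the first octet.
    $octet_a = [convert]::ToInt32($cookie_server_hex_array[3], 16)
    $octet_b = [convert]::ToInt32($cookie_server_hex_array[2], 16)
    $octet_c = [convert]::ToInt32($cookie_server_hex_array[1], 16)
    $octet_d = [convert]::ToInt32($cookie_server_hex_array[0], 16)

    ### PORT
    # Same idea with 4 hex digits: pad, split into two bytes, swap them.
    $cookie_port_hex = $port_value.ToString('x4')
    $cookie_port_hex_array = $cookie_port_hex -split '(..)' | Where-Object { $_ }
    $encodedport = "$($cookie_port_hex_array[1])$($cookie_port_hex_array[0])"
    $portnumber = [convert]::ToInt32($encodedport, 16)

    return ('{0}.{1}.{2}.{3}:{4}' -f $octet_a, $octet_b, $octet_c, $octet_d, $portnumber)
}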
foreach ($cookie in $cookies) {
    # Only cookies whose name starts with "BIGipServer" are decoded.
    if ($cookie.Name -notlike "BIGipServer*") { continue }

    # Note: the raw cookie value is written to the console here.
    Write-Host "BIG-IP COOKIE FOUND!!! Cookie value is $($cookie.Value)"
    Write-Host "NOM NOM NOM NOM NOM NOM NOM NOM NOM NOM NOM"

    # Decode the value and keep the result for the final summary.
    $nomnomcookies = COOKIE_MONSTER $cookie.Value
    Write-Host "FOUND $nomnomcookies"
    $resultarray += "$nomnomcookies"
}
#end of foreach loop
}
# Summary: every distinct decoded result, sorted so duplicates collapse.
Write-Output "`n------------------------------------------------------------"
Write-Output "`nFINAL RESULTS:"
$unique_results = $resultarray | Sort-Object | Get-Unique
Write-Output $unique_results