Script http-bigip-cookie

Script types: portrule
Categories: discovery, safe
Download: https://svn.nmap.org/nmap/scripts/http-bigip-cookie.nse

Script Summary

Decodes any unencrypted F5 BIG-IP cookies in the HTTP response. BIG-IP cookies contain information on backend systems such as internal IP addresses and port numbers. See here for more info: https://support.f5.com/csp/article/K6917

Script Arguments

http-bigip-cookie.path

The URL path to request. The default path is "/".

slaxml.debug

See the documentation for the slaxml library.

http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

nmap -p <port> --script http-bigip-cookie <target>

Script Output

PORT    STATE SERVICE
80/tcp  open  http
| http-bigip-cookie:
|   BIGipServer<pool_name>:
|     address:
|       host: 10.1.1.100
|       type: ipv4
|_    port: 8080

Requires

• http
• shortport
• stdnse
• table

---

Author:

• Seth Jackson

License: Same as Nmap--See https://nmap.org/book/man-legal.html