CirrusThanks John, Very Very informative! You said that if we capture cookies then we can reverse engineer. So how can we capture the cookie? Thanks, Aditya
NimbostratusThanks John, Very Very informative! You said that if we capture cookies then we can reverse engineer. So how can we capture the cookie? Thanks, Aditya
NimbostratusHow did you convert the port number?
@Aditya, great question! If you want to capture the cookie on your browser, you can right click on the page and open the "inspect" feature and look at application cookies. You can see all the cookies on your browser from there. Keep in mind each browser will store its own cookies, so this list will be browser-specific. If you are wanting to capture all the cookies on the BIG-IP, then you can run an iRule to check them all out. Here's a link to an iRule that should help with that: https://devcentral.f5.com/codeshare?sid=631
@MSZ, the port number is converted the same way as the IP address. You convert to hexadecimal, then reverse order the hex numbers, then convert to decimal. If the port number is less than 256, the first two hex digits (prior to reverse ordering) are 0x00. The later part of the video above (starting at about the 6:30 mark) shows the calculation on port number. Hope this helps!
NimbostratusHow many cookies are created noramlly for application?
@MSZ, great question! Each application developer can set cookie limits as desired, so it depends on how the application is designed as to how many cookies there are. As for browsers, each one is a little different, but they all can typically handle at least 4096 bytes of cookies per domain. Here's an interesting article that gives a little more info: https://www.thoughtco.com/cookie-limit-per-domain-3466809
CirrusHi John,
As we see that by reverse engineering it is possible to see the IP address and port of the Server via the cookie. So is there a way to mask the IP & Port in the cookie so that the public users cannot re-engineer the IP of the server (for security purpose) ?
Thanks, Aditya
NimbostratusHi John,
As we see that by reverse engineering it is possible to see the IP address and port of the Server via the cookie. So is there a way to mask the IP & Port in the cookie so that the public users cannot re-engineer the IP of the server (for security purpose) ?
Thanks, Aditya
Aditya, great question. The way to hide the contents of the cookie is to encrypt the cookie, and the BIG-IP allows for cookie encryption. When encrypted, the cookie contents are not readable. Here's more information on cookie encryption: https://support.f5.com/csp/article/K14784
