Home

Awesome

Burp suite Extension BigIPDiscover

Language/Japanese

This tool is an extension of PortSwigger product Burp Suite.

It corresponds to Scanner of Burp Professional Edition. Also, even in the case of the Burp Community Edition, it can be detected by using the History function of Proxy.

Overview

The cookie set by BIG-IP of F5 Networks may include a private IP, which is an extension to detect that IP.

For details of vulnerability, see below.

Examples

BIGipServer<pool_name>=1677787402.36895.0000
BIGipServer<pool_name>=vi20010112000000000000000000000030.20480
BIGipServer<pool_name>=rd5o00000000000000000000ffffc0000201o80
BIGipServer<pool_name>=rd3o20010112000000000000000000000030o80

How to Use

The Burp suite Extender can be read by the following procedure.

  1. Click [add] on the [Extender] tab
  2. Click [Select file ...] and select BigIPDiscover.jar.
  3. Click [Next], confirm that no error is occurring, and close the dialog with [Close].

Configuration

When you read the extension, the [BIG-IP Cookie] tab is displayed. There are tabs of [Decrypt] and [Options] here and it is possible to set up etc from here.

Decrypt Tab

Decrypt the value of Encrypted BigIP. After specifying Decrypt in the upper input field, clicking the [Decrypt] button, the decrypted value becomes It is displayed in the lower input field.

Decrypt Tab

Options Tab

Configure scan options for BigIP.

Options Tab

Scan Header

Specify the scan target.

Detection Option

Detection target setting

Free version scan option

This setting is valid only for Free version.

Command line options

It is possible to decode cookie values from the command line.

java -jar BigIpDiscover.jar -d <encrypt>

Specify the cookie you want to decode to <encrypt>.

For example.

java -jar BigIpDiscover.jar -d BIGipServer16122=1677787402.36895.0000
IP addres: 10.1.1.100:8080
PrivateIP: true

build

gradlew release

Required library

Building requires a BurpExtensionCommons library.

Use Library

Operation is confirmed with the following versions.

important

This tool developed by my own personal use, PortSwigger company is not related at all. Please do not ask PortSwigger about problems, etc. caused by using this tool.