id: unencrypted-bigip-ltm-cookie info: name: F5 BIGIP Unencrypted Cookie author: PR3R00T severity: info reference: https://www.intelisecure.com/how-to-decode-big-ip-f5-persistence-cookie-values mitigation: https://support.f5.com/csp/article/K23254150 requests: - method: GET path: - "{{BaseURL}}" redirects: true matchers: - type: regex regex: - '(BIGipServer[a-z\_\.\-\~0-9A-Z]*)=([0-9a-zA-Z\.]*;)' - '=[0-9]*\.[0-9]{3,5}\.[0-9]{4};' part: header