The F5 cookie decoder doesn't detect IPs in the 10.x.x.x space for non-encrypted cookies.

drwetter · drwetter · commit 6110843fd0cc · 2024-10-09T15:47:50.000+02:00
This fixes the regex pattern, see also https://github.com/drwetter/F5-BIGIP-Decoder/pull/4/files
diff --git a/testssl.sh b/testssl.sh
@@ -3284,7 +3284,7 @@ sub_f5_bigip_check() {
           [[ -z "$cookievalue" ]] && break
           cookievalue=${cookievalue/;/}
           debugme echo $cookiename : $cookievalue
-          if grep -Eq '[0-9]{9,10}\.[0-9]{3,5}\.0000' <<< "$cookievalue"; then
+          if grep -Eq '[0-9]{8,10}\.[0-9]{3,5}\.0000' <<< "$cookievalue"; then
                ip="$(f5_ip_oldstyle "$cookievalue")"
                port="$(f5_port_decode $cookievalue)"
                out "${spaces}F5 cookie (default IPv4 pool member): "; pr_italic "$cookiename "; prln_svrty_medium "${ip}:${port}"
