Tuesday, March 26, 2013

BIG-IP_cookie_decoder.py 3.+

Ugh, this is why I end up coding in mostly Microsoft products... versioning of the tools themselves.

Granted, I love open source but I also hate when I end up fixing syntax because I'm always using an IDE or version of tools not used by the code's original authors. You can try to guess what version of Python or Cygwin or whatever scripting language/compiler they are using but eventually you just end up fixing the syntax of their code so you can make it work.

Anyways. If you are looking to decode F5 BIG-IP cookie entries... here is the updated Python script that will work with 3.3.

It was found at http://blog.taddong.com/2011/12/cookie-decoder-f5-big-ip.html

but here is the updated code for Python 3.x.x. (I was using 3.2.3 at the time)

#!/usr/bin/env python3

# Description:
#          Python script to decode F5 BIG-IP persistent cookies
#
# Author:  Raul Siles (raul _AT_ taddong _DOT_ com)
#          Taddong (www.taddong.com)
# Date:    2011-12-06
# Version: 0.1
# Revised: Python version 3.x.x - James Murray (jamesmurrayga _@_ hotmail _DOT_ com)

# URL: http://www.taddong.com/tools/BIG-IP_cookie_decoder.py
# F5:  http://support.f5.com/kb/en-us/solutions/public/6000/900/sol6917.html
# Fix: http://support.f5.com/kb/en-us/solutions/public/7000/700/sol7784.html

# Credits: (based on)
# http://penturalabs.wordpress.com/2011/03/29/how-to-decode-big-ip-f5-persistence-cookie-values/

# Example cookie value (encoded string): 1677787402.36895.0000

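import struct
import sys

if len(sys.argv) != 2:
    print("Usage: %s cookie_value" % sys.argv[0])
    sys.exit(1)

encoded_string = sys.argv[1]
print("\n[*] String to decode: %s\n" % encoded_string)

# Cookie value format: <encoded host>.<encoded port>.0000
(host, port, end) = encoded_string.split('.')

print(host, port, end)

# Hexadecimal details:
# Packing the host as a little-endian 32-bit integer yields the four IP
# octets in order (iterating over bytes in Python 3 gives integers).
(a, b, c, d) = struct.pack("<I", int(host))
#print("HOST: 0x%02X 0x%02X 0x%02X 0x%02X\n" % (a, b, c, d))

# The port is byte-swapped: pack it little-endian, then read the two
# bytes back as one big-endian hex number.
v = struct.pack("<H", int(port))
p = "0x%02X%02X" % (v[0], v[1])
#print("PORT: %s\n" % p)
#

print("[*] Decoded IP:   %s.%s.%s.%s" % (a, b, c, d))
print("[*] Decoded port: %s\n" % (int(p, 16)))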
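
The same decoding turned into an audit check, as an added example that is not part of the original script or of the Taddong tool: it scans your own response headers for unencrypted BIG-IP persistence cookies and reports the pool member address each one reveals. The `BIGipServer` cookie-name prefix (F5's default, which administrators can change), the function names and the sample headers are assumptions constructed for illustration.

```python
import ipaddress
import re
import struct

# Assumed default cookie name: BIGipServer<pool>=<host>.<port>.0000
COOKIE_RE = re.compile(r"(BIGipServer[^=;\s]*)=(\d{1,10})\.(\d{1,5})\.0000")


def decode_value(host_field, port_field):
    """Decode the host and port fields of an unencrypted cookie value."""
    host, port = int(host_field), int(port_field)
    if host > 0xFFFFFFFF or port > 0xFFFF:
        raise ValueError("field out of range for the IPv4 cookie encoding")
    # Host: little-endian 32-bit integer -> four octets in address order.
    ip = ipaddress.IPv4Address(struct.pack("<I", host))
    # Port: stored byte-swapped, so swap the two bytes back.
    (real_port,) = struct.unpack(">H", struct.pack("<H", port))
    return ip, real_port


def audit_headers(header_lines):
    """Return one finding per decodable persistence cookie in Set-Cookie lines."""
    findings = []
    for line in header_lines:
        name, _, rest = line.partition(":")
        if name.strip().lower() != "set-cookie":
            continue
        for m in COOKIE_RE.finditer(rest):
            try:
                ip, port = decode_value(m.group(2), m.group(3))
            except ValueError:
                continue  # looks like the format but is not a valid encoding
            findings.append({"cookie": m.group(1), "ip": str(ip),
                             "port": port, "internal": ip.is_private})
    return findings


# Constructed sample response headers (not captured from a real system).
SAMPLE_HEADERS = [
    "Content-Type: text/html",
    "Set-Cookie: SESSIONID=abc123; HttpOnly",
    "Set-Cookie: BIGipServerpool_app=1677787402.36895.0000; path=/",
    "Set-Cookie: BIGipServerpool_api=!opaqueConstructedValue; path=/",
]

if __name__ == "__main__":
    for f in audit_headers(SAMPLE_HEADERS):
        print("%(cookie)s discloses %(ip)s:%(port)s (internal=%(internal)s)" % f)
```

A finding with `internal` set to true means the cookie exposes a private pool member address; the F5 "Fix" solution linked in the script header covers the remedy.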