Skip to content
Python application to decrypt Netscaler Load Balancer Persistence Cookies
Python JavaScript Ruby
Branch: master
Clone or download

Netscaler Cookie Decryptor by @catalyst256

This python script will take a Citrix Netscaler persistence cookie and decrypt the values. This will allow you to determine the internal addresses of a Netscaler load balanced website. Typically Netscaler cookies start with NSC_

THis is an example of a Netscaler Cookie from the internet:


You can then run this through the Netscaler Cookie Decryptor using from the command line: NSC_Qspe-xxx.bwjwb.dp.vl-IUUQ=ffffffff50effd8445525d5f4f58455e445a4a423660

This would return you the following:

Server Server IP= Server Port=80

This code will work on Windows (tested) and Linux (tested) and probably OSX (not tested).

Thanks to: Alejandro Nolla Blanco - - @z0mbiehunt3r - for the inspiration to write this and for adding the error correction. Daniel Grootveld - - @shDaniell - for helping with the XOR method of decryption, adding the service port decryption and for making my regex more robust.

You can’t perform that action at this time.