redstr-server 0.1.3

HTTP API server for redstr string transformations

redstr-server

A simple HTTP API server for redstr string transformations. This server provides a REST API that allows external tools to use redstr's transformation functions over HTTP.

Features

  • Zero-dependency HTTP server (uses only Rust standard library)
  • REST API with JSON request/response
  • CORS enabled for browser access
  • Simple request/response format
  • Thread-per-connection model

Prerequisites

  • Rust 1.70+ installed
  • Access to the redstr core library (as a dependency)

Installation

git clone https://github.com/arvid-berndtsson/redstr-server.git
cd redstr-server
cargo build --release

The binary will be available at target/release/redstr-server.

Usage

Start the server:

cargo run --release

Or run the compiled binary:

./target/release/redstr-server

The server will listen on http://127.0.0.1:8080 by default.

API Endpoints

GET /

Returns server information and available endpoints.

Response:

{
  "service": "redstr",
  "version": "0.2.0",
  "endpoints": ["/transform", "/batch", "/functions", "/health", "/version"]
}

GET /health

Health check endpoint.

Response:

{
  "status": "healthy"
}

GET /version

Get detailed version information.

Response:

{
  "service": "redstr-server",
  "version": "0.1.0",
  "redstr_version": "0.2.0"
}

GET /functions

List all available transformation functions.

Response:

{
  "functions": ["leetspeak", "base64_encode", "url_encode", ...],
  "count": 62
}

POST /transform

Transform a string using a redstr function.

Request:

{
  "function": "leetspeak",
  "input": "Hello World"
}

Response:

{
  "output": "H3ll0 W0rld"
}

Error Response:

{
  "error": "Unknown function: invalid_function"
}

POST /batch

Transform multiple strings in a single request.

Request:

{
  "transforms": [
    {"function": "leetspeak", "input": "Hello"},
    {"function": "base64_encode", "input": "World"}
  ]
}

Response:

{
  "results": [
    {"output": "H3ll0"},
    {"output": "V29ybGQ="}
  ]
}

Available Functions

See the redstr documentation for a complete list of available transformation functions. All redstr functions are available via the API.

Example Usage

Using curl

# List all available functions
curl http://localhost:8080/functions

# Check server health
curl http://localhost:8080/health

# Get version information
curl http://localhost:8080/version

# Basic transformation
curl -X POST http://localhost:8080/transform \
  -H "Content-Type: application/json" \
  -d '{"function":"leetspeak","input":"password"}'

# Batch transformations
curl -X POST http://localhost:8080/batch \
  -H "Content-Type: application/json" \
  -d '{"transforms":[{"function":"leetspeak","input":"hello"},{"function":"base64_encode","input":"world"}]}'

# SQL injection pattern
curl -X POST http://localhost:8080/transform \
  -H "Content-Type: application/json" \
  -d '{"function":"sql_comment_injection","input":"SELECT * FROM users"}'

# Domain typosquatting
curl -X POST http://localhost:8080/transform \
  -H "Content-Type: application/json" \
  -d '{"function":"domain_typosquat","input":"example.com"}'

Using Python

import requests

url = "http://localhost:8080/transform"
payload = {
    "function": "xss_tag_variations",
    "input": "<script>alert('XSS')</script>"
}

response = requests.post(url, json=payload)
print(response.json()["output"])

Using JavaScript

fetch('http://localhost:8080/transform', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({
    function: 'base64_encode',
    input: 'Hello World'
  })
})
.then(res => res.json())
.then(data => console.log(data.output));

Integration with External Tools

This HTTP server is designed to be used as a bridge between redstr and external security testing tools:

  • EvilJinx: Use for domain generation and email obfuscation
  • Caido: Create plugins that call this API for transformations
  • Burp Suite: Build extensions that interface with this server
  • OWASP ZAP: Create add-ons that use this API
  • Custom Tools: Any tool that can make HTTP requests

Security Considerations

  • The server binds to localhost (127.0.0.1) by default for security
  • No authentication is implemented; add your own before exposing the server to a network
  • Designed for local use and authorized security testing only
  • Log all transformation requests for audit purposes; request logging is not built in (it is listed under Future Enhancements)
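
One way to act on the authentication and audit-logging points above, as an added example that is not part of redstr-server: a small Python front end that requires a bearer token, writes one audit line per requested transform, and forwards the request to the server's default address. The variable name REDSTR_PROXY_TOKEN, the listen address, the body size limit and the choice to log a SHA-256 of the input rather than the raw input are assumptions; it speaks plain HTTP, so it belongs behind a TLS terminator.

```python
import hashlib, hmac, json, os, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
UPSTREAM = "http://127.0.0.1:8080"  # redstr-server default address (from the README)
TOKEN = os.environ.get("REDSTR_PROXY_TOKEN", "")  # hypothetical variable name
MAX_BODY = 64 * 1024  # assumed request size limit

def authorized(header_value, token):  # constant-time "Bearer <token>" check
    ok = bool(token) and bool(header_value) and header_value.startswith("Bearer ")
    return ok and hmac.compare_digest(header_value[7:].encode(), token.encode())

def audit_records(path, body):
    """One audit entry per transform: function name plus SHA-256 of the input."""
    doc = json.loads(body)
    items = doc.get("transforms", []) if path == "/batch" else [doc]
    sha = lambda s: hashlib.sha256(str(s).encode()).hexdigest()
    return [{"path": path, "function": str(i.get("function")),
             "input_sha256": sha(i.get("input", ""))} for i in items]

class Proxy(BaseHTTPRequestHandler):
    def _reply(self, status, payload):
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

    def do_POST(self):
        if not authorized(self.headers.get("Authorization"), TOKEN):
            return self._reply(401, b'{"error": "unauthorized"}')
        length = self.headers.get("Content-Length", "")
        if self.path not in ("/transform", "/batch") or not length.isdigit() or int(length) > MAX_BODY:
            return self._reply(400, b'{"error": "bad request"}')
        body = self.rfile.read(int(length))
        try:  # audit before forwarding so every accepted request leaves a record
            for rec in audit_records(self.path, body):
                print(json.dumps(rec), flush=True)
        except (ValueError, AttributeError, TypeError):
            return self._reply(400, b'{"error": "invalid JSON"}')
        req = urllib.request.Request(UPSTREAM + self.path, data=body,
                                     headers={"Content-Type": "application/json"})
        try:
            with urllib.request.urlopen(req, timeout=5) as up:
                self._reply(up.status, up.read())
        except urllib.error.HTTPError as e:  # pass upstream error bodies through
            self._reply(e.code, e.read())
        except urllib.error.URLError:
            self._reply(502, b'{"error": "upstream unavailable"}')

if __name__ == "__main__":
    ThreadingHTTPServer(("0.0.0.0", 8081), Proxy).serve_forever()  # assumed listen address
```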

Performance

  • Thread-per-connection model
  • Synchronous I/O (suitable for moderate load)
  • No external dependencies
  • Minimal memory footprint

For high-performance scenarios, consider using an async runtime like Tokio.

Troubleshooting

Port already in use:

Error: Address already in use (os error 98)

Solution: Change the port in main.rs or kill the process using port 8080.

Connection refused: Ensure the server is running and accessible at the configured address.

Testing

The project includes comprehensive unit and integration tests.

Run Unit Tests

cargo test --bin redstr-server

Run Integration Tests

Integration tests require the server to be running. Start the server in one terminal:

cargo run --release

Then in another terminal, run the integration tests:

cargo test --test integration_tests -- --ignored

Future Enhancements

  • Configuration file support
  • Custom port binding
  • Authentication/authorization
  • Rate limiting
  • Request logging
  • Metrics endpoint
  • Async I/O with Tokio
  • TLS support

License

MIT License - See LICENSE file in the repository root.


Important: This server is designed for authorized security testing only. Users must obtain proper authorization before conducting any security assessments.