stealthreq 0.1.0

Trait-driven, human-like request mutation primitives for crawlers and scrapers.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114

# stealthreq

`stealthreq` is a Rust library for generating human-like outbound request behavior across HTTP clients.
It focuses on three anti-fingerprint layers:

- randomized request headers and header order noise
- timing jitter before sends
- selectable TLS fingerprint profiles (for clients that can consume them)

`RequestModifier` is intentionally trait-based so any client can adopt it through a small adapter.

## Features

- `StealthProfile` and `StealthPolicy` to generate per-request traffic noise.
- `RequestModifier` trait with deterministic and randomized application options.
- `MutableRequest` adapter trait so `reqwest`, `hyper`, `ureq`, or custom clients can participate.
- WAF fingerprint detection and suggested evasions based on the extracted `karyx` logic.

## Installation

```toml
[dependencies]
stealthreq = "0.1"
```

## Quick Start

```rust
use stealthreq::{RequestModifier, StealthPolicy, MutableRequest};

struct BuilderAdapter {
    headers: Vec<(String, String)>,
}

impl MutableRequest for BuilderAdapter {
    fn set_header(&mut self, name: &str, value: &str) {
        self.headers.push((name.to_string(), value.to_string()));
    }
}

let mut request = BuilderAdapter { headers: vec![] };
let policy = StealthPolicy::default();
let applied = policy.apply(&mut request).unwrap();

println!("ua={}", applied.user_agent);
println!("headers={:?}", request.headers);
println!("jitter={:?}", applied.jitter);
println!("tls={}", applied.tls_profile.name);
```

## Example: reqwest integration

```rust
use reqwest::Client;
use stealthreq::{RequestModifier, StealthPolicy, MutableRequest};

struct ReqwestAdapter {
    pub builder: reqwest::RequestBuilder,
}

impl MutableRequest for ReqwestAdapter {
    fn set_header(&mut self, name: &str, value: &str) {
        self.builder = self.builder.header(name, value);
    }
}

#[tokio::main]
async fn main() {
    let client = Client::new();
    let mut req = ReqwestAdapter { builder: client.get("https://example.com") };
    let policy = StealthPolicy::default();
    let _ = policy.apply(&mut req).unwrap();

    let request = req.builder.build().unwrap();
    let _ = client.execute(request).await.unwrap();
}
```

## Example: custom timing only

```rust
use stealthreq::StealthProfileConfig;

let config_toml = r#"jitter_ms_min = 200
jitter_ms_max = 800
rotate_tls = false
seed = 4242
"#;
let profile = StealthProfileConfig::from_toml(config_toml).unwrap();
println!("{} ms", profile.timing.min_ms);
```

## WAF-aware suggestion flow

Use the bundled `waf` module to read a snapshot and choose safer payload encodings:

```rust
use stealthreq::waf::{HttpResponseSnapshot, detect_waf, suggest_evasion};

let snapshot = HttpResponseSnapshot {
    status: 403,
    headers: vec![("Server".into(), "cloudflare".into())],
    body: b"Access denied".to_vec(),
};
if let Some(fp) = detect_waf(&snapshot) {
    let encodings = suggest_evasion(&fp);
    println!("{}", fp.name);
    println!("{} strategies", encodings.len());
}
```

## Contributing

Open issues or PRs with tests for new fingerprints, profiles, and client adapters.