Expand description
Payload encoding strategies — transform payloads to bypass WAF keyword detection.
Each strategy changes HOW the payload looks without changing WHAT it does. The server decodes the payload back to its original form, but the WAF fails to match it against its rules.
§Module structure
| Module | Responsibility |
|---|---|
strategy | Strategy enum and encode() dispatcher |
url | URL, double-URL, and triple-URL encoding |
unicode | Unicode \uXXXX, %uXXXX, JSON, and HTML entity encoding |
keyword | Case alternation, whitespace/comment insertion, SQL obfuscation |
structural | Null byte, overlong UTF-8, chunked split, HPP, compression |
layered | Multi-strategy chaining and aggressiveness scoring |
Re-exports§
pub use layered::aggressiveness;pub use layered::encode_layered;pub use layered::layered_combinations;pub use strategy::Strategy;pub use strategy::all_strategies;pub use strategy::encode;
Modules§
- keyword
- Keyword manipulation strategies (case, whitespace, comments). Keyword manipulation encoding strategies.
- layered
- Multi-strategy layering and aggressiveness scoring. Multi-strategy encoding chains and aggressiveness scoring.
- strategy
- Strategy enum and encode() dispatcher. Strategy enum and main encode() dispatcher.
- structural
- Structural encoding strategies (null byte, overlong UTF-8, chunked, HPP). Structural encoding strategies — byte-level and framing manipulations.
- unicode
- Unicode and HTML entity encoding strategies. Unicode and HTML entity encoding strategies.
- url
- URL-based encoding strategies (single, double, triple). URL-based encoding strategies.