Skip to main content

MirrorPayload

synapse_pingora::shadow

Struct MirrorPayload 

Source 
pub struct MirrorPayload {
Show 15 fields
    pub request_id: String,
    pub timestamp: String,
    pub source_ip: String,
    pub ja4_fingerprint: Option<String>,
    pub ja4h_fingerprint: Option<String>,
    pub risk_score: f32,
    pub matched_rules: Vec<String>,
    pub campaign_id: Option<String>,
    pub method: String,
    pub uri: String,
    pub headers: HashMap<String, String>,
    pub body: Option<String>,
    pub site_name: String,
    pub sensor_id: String,
    pub protocol_version: String,

}
Expand description

JSON payload sent to honeypot endpoints.

Contains all relevant request context for threat analysis:

  • Client identification (IP, fingerprints)
  • Risk assessment (score, matched rules, campaign correlation)
  • Full request details (method, URI, headers, body)

Fields§

§request_id: String

Unique request identifier (UUID v4)

§timestamp: String

Timestamp of original request (RFC 3339)

§source_ip: String

Source IP address of the client

§ja4_fingerprint: Option<String>

JA4 TLS fingerprint (if available)

§ja4h_fingerprint: Option<String>

JA4H HTTP fingerprint (if available)

§risk_score: f32

Risk score that triggered mirroring (0-100)

§matched_rules: Vec<String>

IDs of rules that matched this request

§campaign_id: Option<String>

Campaign ID if correlated to a known threat campaign

§method: String

HTTP method (GET, POST, etc.)

§uri: String

Request URI (path + query string)

§headers: HashMap<String, String>

Request headers (filtered based on configuration)

§body: Option<String>

Request body (if include_body enabled and within max size)

§site_name: String

WAF site/vhost name that processed the request

§sensor_id: String

Synapse sensor ID for multi-sensor deployments

§protocol_version: String

Version of the mirror payload protocol

Implementations§

Source§

impl MirrorPayload

Source

pub fn new( request_id: String, source_ip: String, risk_score: f32, method: String, uri: String, site_name: String, sensor_id: String, ) -> Self

Creates a new MirrorPayload with required fields.

Source

pub fn with_ja4(self, fingerprint: Option<String>) -> Self

Sets the JA4 TLS fingerprint.

Source

pub fn with_ja4h(self, fingerprint: Option<String>) -> Self

Sets the JA4H HTTP fingerprint.

Source

pub fn with_rules(self, rules: Vec<String>) -> Self

Sets the matched rules.

Source

pub fn with_campaign(self, campaign_id: Option<String>) -> Self

Sets the campaign ID.

Source

pub fn with_headers(self, headers: HashMap<String, String>) -> Self

Sets the request headers after sanitizing sensitive credentials.

Automatically strips Authorization, Cookie, and other credential headers to prevent leaking user credentials to honeypot systems.

Source

pub fn with_headers_unsanitized(self, headers: HashMap<String, String>) -> Self

Sets the request headers without sanitization.

§Safety

This method bypasses header sanitization. Only use this when headers have already been sanitized or when intentionally including all headers (e.g., for internal testing honeypots).

Source

pub fn with_body(self, body: Option<String>) -> Self

Sets the request body.

Source

pub fn to_json_bytes(&self) -> Result<Vec<u8>, Error>

Serializes the payload to JSON bytes.

Source

pub fn to_json_string(&self) -> Result<String, Error>

Serializes the payload to a JSON string.

Trait Implementations§

Source§

impl Clone for MirrorPayload

Source§

fn clone(&self) -> MirrorPayload

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for MirrorPayload

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl<'de> Deserialize<'de> for MirrorPayload

Source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl Serialize for MirrorPayload

Source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> Downcast for T
where T: Any,

Source§

fn into_any(self: Box<T>) -> Box<dyn Any>

Convert Box<dyn Trait> (where Trait: Downcast) to Box<dyn Any>. Box<dyn Any> can then be further downcast into Box<ConcreteType> where ConcreteType implements Trait.
Source§

fn into_any_rc(self: Rc<T>) -> Rc<dyn Any>

Convert Rc<Trait> (where Trait: Downcast) to Rc<Any>. Rc<Any> can then be further downcast into Rc<ConcreteType> where ConcreteType implements Trait.
Source§

fn as_any(&self) -> &(dyn Any + 'static)

Convert &Trait (where Trait: Downcast) to &Any. This is needed since Rust cannot generate &Any’s vtable from &Trait’s.
Source§

fn as_any_mut(&mut self) -> &mut (dyn Any + 'static)

Convert &mut Trait (where Trait: Downcast) to &Any. This is needed since Rust cannot generate &mut Any’s vtable from &mut Trait’s.
Source§

impl<T> DowncastSync for T
where T: Any + Send + Sync,

Source§

fn into_any_arc(self: Arc<T>) -> Arc<dyn Any + Sync + Send>

Convert Arc<Trait> (where Trait: Downcast) to Arc<Any>. Arc<Any> can then be further downcast into Arc<ConcreteType> where ConcreteType implements Trait.
Source§

impl<T> DynClone for T
where T: Clone,

Source§

fn __clone_box(&self, _: Private) -> *mut ()

Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> FromRef<T> for T
where T: Clone,

Source§

fn from_ref(input: &T) -> T

Converts to this type from a reference to the input type.
Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

impl<T> Pointable for T

Source§

const ALIGN: usize

The alignment of pointer.
Source§

type Init = T

The type for initializers.
Source§

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more
Source§

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more
Source§

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more
Source§

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,

Source§

impl<A, B, T> HttpServerConnExec<A, B> for T
where B: Body,