Expand description
wafrift-encoding — Payload encoding strategies and header obfuscation.
See cookie_smuggle for RFC 6265-vs-6265bis Cookie-header
parser-differential probes (prefix bypass, duplicate-name pairs,
quoted-semicolon values, empty-name pairs, control-byte injection,
whitespace around =).
Transforms attack payloads using various encoding strategies (URL, Unicode, HTML entity, SQL comments, etc.) and applies header-level obfuscation techniques for WAF bypass.
§Examples
Single-pass encoding with one strategy:
use wafrift_encoding::{Strategy, encode};
let payload = "' OR 1=1--";
let url_encoded = encode(payload, Strategy::UrlEncode).unwrap();
assert!(url_encoded.contains("%27")); // single quote
assert!(url_encoded.contains("%20")); // space
assert!(url_encoded.contains("%3D")); // equals
// Same payload, double-encoded — bypasses single-decode WAFs.
let double = encode(payload, Strategy::DoubleUrlEncode).unwrap();
assert!(double.contains("%2527"));Layered encoding for stronger evasion (HTML-entity-encode the Unicode-escaped form):
use wafrift_encoding::{Strategy, encode_layered};
let result = encode_layered(
"<script>",
&[Strategy::UnicodeEncode, Strategy::HtmlEntityEncode],
).unwrap();
assert!(result.contains('&')); // HTML entity encodedRe-exports§
pub use encoding::Strategy;pub use encoding::aggressiveness;pub use encoding::all_strategies;pub use encoding::encode;pub use encoding::encode_layered;pub use encoding::layered_combinations;pub use error::EncodeError;pub use tamper::TamperConfig;pub use tamper::TamperError;pub use tamper::TamperRegistry;pub use tamper::TamperStrategy;pub use tamper::all_tamper_names;pub use tamper::default_registry;pub use tamper::tamper;
Modules§
- auth_
bypass - Auth-bypass header probes (Orange Tsai parser-disagreement class).
- auth_
header_ smuggle Authorization/Proxy-Authorizationheader parser-differential smuggling.- compression
compression— request-body compression as a WAF-evasion surface.- contextual
- cookie_
smuggle - Cookie-header parser-differential smuggling (RFC 6265 vs 6265bis).
- encoding
- Payload encoding strategies — transform payloads to bypass WAF keyword detection.
- error
- Error types for wafrift-encoding.
- header
- HTTP header obfuscation for WAF bypass.
- host_
header_ smuggle - Host-header parser-differential probes.
- jwt_
smuggle - JWT (JSON Web Token) parser-differential probes.
- path_
normalize_ smuggle - HTTP request-path parser-differential probes — exploit normalization disagreements between a fronting WAF and the backend origin.
- path_
prefix - Path-prefix mutations — restructure the URI path so the WAF’s prefix-match ACL sees a different shape than the origin parser eventually serves.
- range_
header_ smuggle Rangerequest-header parser-differential smuggling (RFC 7233).- tamper
- Payload tampering strategies — advanced payload transformations beyond basic encoding.
- url_
mutate - URL / query-string payload mutation — opt-in attack surface for
the proxy
--mutate-urlflag and the strategy engine’s URL-aware evade variants.