Crate wafrift_encoding


wafrift-encoding — Payload encoding strategies and header obfuscation.

See cookie_smuggle for RFC 6265-vs-6265bis Cookie-header parser-differential probes (prefix bypass, duplicate-name pairs, quoted-semicolon values, empty-name pairs, control-byte injection, whitespace around =).

Transforms attack payloads using various encoding strategies (URL, Unicode, HTML entity, SQL comments, etc.) and applies header-level obfuscation techniques for WAF bypass.

§Examples

Single-pass encoding with one strategy:

use wafrift_encoding::{Strategy, encode};

let payload = "' OR 1=1--";
let url_encoded = encode(payload, Strategy::UrlEncode).unwrap();
assert!(url_encoded.contains("%27"));    // single quote
assert!(url_encoded.contains("%20"));    // space
assert!(url_encoded.contains("%3D"));    // equals

// Same payload, double-encoded — bypasses single-decode WAFs.
let double = encode(payload, Strategy::DoubleUrlEncode).unwrap();
assert!(double.contains("%2527"));
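On the inspecting side, the double-encoded case above is handled by decoding to a fixed point before matching instead of decoding once. This is an added example, not code from wafrift-encoding; `percent_decode_once`, `normalize`, `inspect`, the three-layer limit and the toy `' or ` signature are assumptions made for illustration, and the sample inputs are constructed.

```rust
// Added example, not part of wafrift-encoding. All names are hypothetical.
#[derive(Debug, PartialEq)]
enum Verdict { Pass, Block(&'static str) }

fn hex_val(b: u8) -> Option<u8> {
    (b as char).to_digit(16).map(|d| d as u8)
}

/// Remove exactly one layer of percent-encoding; malformed escapes stay verbatim.
fn percent_decode_once(input: &[u8]) -> Vec<u8> {
    let mut out: Vec<u8> = Vec::with_capacity(input.len());
    let mut i = 0usize;
    while i < input.len() {
        if input[i] == b'%' && i + 2 < input.len() {
            if let (Some(h), Some(l)) = (hex_val(input[i + 1]), hex_val(input[i + 2])) {
                out.push(h << 4 | l);
                i += 3;
                continue;
            }
        }
        out.push(input[i]);
        i += 1;
    }
    out
}

/// Decode to a fixed point. Returns (canonical bytes, layers removed, fixed point reached).
fn normalize(raw: &str, max_layers: usize) -> (Vec<u8>, usize, bool) {
    let mut cur = raw.as_bytes().to_vec();
    for layer in 0..max_layers {
        let next = percent_decode_once(&cur);
        if next == cur { return (cur, layer, true); }
        cur = next;
    }
    let stable = percent_decode_once(&cur) == cur;
    (cur, max_layers, stable)
}

fn inspect(raw: &str) -> Verdict {
    let (canon, layers, stable) = normalize(raw, 3);
    if !stable { return Verdict::Block("encoding depth over limit"); } // fail closed
    let text = String::from_utf8_lossy(&canon).to_ascii_lowercase();
    if text.contains("' or ") { return Verdict::Block("rule matched"); } // toy signature
    if layers > 1 { return Verdict::Block("multi-layer encoding"); } // policy choice
    Verdict::Pass
}

fn main() {
    for s in ["%27%20OR%201%3D1--", "%2527%2520OR%25201%253D1--", "q=Alice%20Smith"] {
        println!("{s:40} -> {:?}", inspect(s));
    }
}
```

Blocking on layer count alone can reject legitimately double-encoded values, so that branch is a policy decision to tune per application.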

Layered encoding for stronger evasion (HTML-entity-encode the Unicode-escaped form):

use wafrift_encoding::{Strategy, encode_layered};

let result = encode_layered(
    "<script>",
    &[Strategy::UnicodeEncode, Strategy::HtmlEntityEncode],
).unwrap();
assert!(result.contains('&'));   // HTML entity encoded

Re-exports§

pub use encoding::Strategy;
pub use encoding::aggressiveness;
pub use encoding::all_strategies;
pub use encoding::encode;
pub use encoding::encode_layered;
pub use encoding::layered_combinations;
pub use error::EncodeError;
pub use tamper::TamperConfig;
pub use tamper::TamperError;
pub use tamper::TamperRegistry;
pub use tamper::TamperStrategy;
pub use tamper::all_tamper_names;
pub use tamper::default_registry;
pub use tamper::tamper;

Modules§

auth_bypass
Auth-bypass header probes (Orange Tsai parser-disagreement class).
auth_header_smuggle
Authorization / Proxy-Authorization header parser-differential smuggling.
compression
compression — request-body compression as a WAF-evasion surface.
contextual
cookie_smuggle
Cookie-header parser-differential smuggling (RFC 6265 vs 6265bis).
encoding
Payload encoding strategies — transform payloads to bypass WAF keyword detection.
error
Error types for wafrift-encoding.
header
HTTP header obfuscation for WAF bypass.
host_header_smuggle
Host-header parser-differential probes.
jwt_smuggle
JWT (JSON Web Token) parser-differential probes.
path_normalize_smuggle
HTTP request-path parser-differential probes — exploit normalization disagreements between a fronting WAF and the backend origin.
path_prefix
Path-prefix mutations — restructure the URI path so the WAF’s prefix-match ACL sees a different shape than the origin parser eventually serves.
range_header_smuggle
Range request-header parser-differential smuggling (RFC 7233).
tamper
Payload tampering strategies — advanced payload transformations beyond basic encoding.
url_mutate
URL / query-string payload mutation — opt-in attack surface for the proxy --mutate-url flag and the strategy engine’s URL-aware evade variants.