pub struct AuthSmuggleProbe {
    pub variant: AuthHeaderVariant,
    pub header_lines: Vec<(String, String)>,
    pub description: String,
    pub canary: Canary,
}
An Authorization-header smuggle probe.
Fields
variant: AuthHeaderVariant
Which smuggle shape this probe implements.
header_lines: Vec<(String, String)>
Header lines to attach to the request. Most variants emit
exactly one (name, value) pair; the duplicate-header
variant emits two.
description: String
Telemetry description.
canary: Canary
Per-probe correlation token.
Implementations
impl AuthSmuggleProbe
pub fn lowercase_scheme(header_name: &str, scheme: &str, token: &str) -> Self
bearer <token> — lowercase scheme.
pub fn no_whitespace_after_scheme(
    header_name: &str,
    scheme: &str,
    token: &str,
) -> Self
Bearer<token> — no whitespace between scheme and token.
pub fn tab_between_scheme_and_token(
    header_name: &str,
    scheme: &str,
    token: &str,
) -> Self
Bearer\t<token> — TAB instead of SP between scheme and
token.
pub fn multiple_spaces_after_scheme(
    header_name: &str,
    scheme: &str,
    token: &str,
) -> Self
Bearer <token> — 3-7 spaces between scheme and token.
pub fn duplicate_header_first_wins_benign(
    header_name: &str,
    scheme: &str,
    benign_token: &str,
    smuggle_token: &str,
) -> Self
Two header lines with the same name; first benign, second the real smuggled token. nginx-style “first wins” parsers see benign; Apache-style “last wins” parsers see smuggle.
pub fn quoted_scheme(header_name: &str, scheme: &str, token: &str) -> Self
"Bearer" <token> — scheme wrapped in double quotes.
pub fn trailing_junk_after_token(
    header_name: &str,
    scheme: &str,
    token: &str,
    junk: &str,
) -> Self
Bearer <token> <junk> — extra bytes after the token.
pub fn control_byte_in_token(
    header_name: &str,
    scheme: &str,
    token: &str,
) -> Self
Bearer <token-with-ctl> — control byte injected at the
token midpoint. CTL pool randomised per call.
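A server-side counterpart to the header shapes listed above, as an added example that is not part of this crate: a fail-closed parser that accepts only a single `<scheme> SP <token68>` value and refuses anything two parsers could split differently. The names `Reject` and `strict_bearer` are hypothetical, the Bearer/token68 credential form is assumed, and refusing more than one space is a policy choice stricter than the RFC 9110 grammar.

```rust
// Added example: strict, fail-closed parsing of Authorization field lines.
// `Reject` and `strict_bearer` are names made up for this sketch.
#[derive(Debug, PartialEq)]
pub enum Reject { Missing, Duplicate, ControlByte, BadSeparator, BadScheme, BadToken }

/// `values`: every Authorization field line received, in wire order.
/// Returns the token only for exactly one `<scheme> SP <token68>` value.
pub fn strict_bearer<'a>(values: &[&'a str]) -> Result<&'a str, Reject> {
    let value = match values {
        [] => return Err(Reject::Missing),
        [one] => *one,
        _ => return Err(Reject::Duplicate), // never choose first or last
    };
    // Refuse any CTL (TAB included) or DEL anywhere in the value.
    if value.bytes().any(|b| b < 0x20 || b == 0x7f) {
        return Err(Reject::ControlByte);
    }
    // RFC 9110 permits 1*SP here; this policy insists on exactly one SP
    // so that every hop splits the value at the same place.
    let (scheme, token) = value.split_once(' ').ok_or(Reject::BadSeparator)?;
    if token.starts_with(' ') {
        return Err(Reject::BadSeparator);
    }
    // Scheme names are case-insensitive, so `bearer` is accepted like `Bearer`.
    if !scheme.eq_ignore_ascii_case("Bearer") {
        return Err(Reject::BadScheme);
    }
    // token68: 1*(ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/") *"="
    let body = token.trim_end_matches('=');
    let ok = !body.is_empty()
        && body.bytes().all(|b| b.is_ascii_alphanumeric() || b"-._~+/".contains(&b));
    if ok { Ok(token) } else { Err(Reject::BadToken) }
}

fn main() {
    // Constructed sample values, one per shape listed above.
    let samples: [&[&str]; 8] = [
        &["bearer abc123"], &["Bearerabc123"], &["Bearer\tabc123"],
        &["Bearer    abc123"], &["Bearer benign", "Bearer other"],
        &["\"Bearer\" abc123"], &["Bearer abc123 xyz"], &["Bearer abc\x01123"],
    ];
    for s in samples.iter() {
        println!("{:?} -> {:?}", s, strict_bearer(s));
    }
}
```

Run the same function at every hop that inspects the header (proxy, gateway, application) so a value one layer accepts is never reinterpreted by the next.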
Trait Implementations
impl Clone for AuthSmuggleProbe
fn clone(&self) -> AuthSmuggleProbe
fn clone_from(&mut self, source: &Self)
impl Debug for AuthSmuggleProbe
impl SmuggleProbe for AuthSmuggleProbe
fn canary(&self) -> &Canary
X-Probe-Id, etc.) so server-side responses can be
attributed to the specific variant that triggered them.
fn technique(&self) -> String
family.variant form. Used
in telemetry, JSON output, and reproducer logs. Example:
"cookie.duplicate-name-last-wins".