Skip to main content

wafrift_smuggling/
lib.rs

1//! wafrift-smuggling — HTTP request smuggling and HTTP/2 frame-level evasion.
2//!
3//! Generates raw HTTP payloads for CL.TE, TE.CL, TE.TE, CL.0,
4//! H2C, WebSocket smuggling, and HTTP/2 downgrade / frame-level evasion.
5//!
6//! # Safety
7//!
8//! All probes carry a per-request poison canary. Exploit-grade payloads
9//! are gated behind the `unsafe-probes` feature to prevent accidental
10//! collateral damage on production targets.
11//!
12//! # Examples
13//!
14//! Build a `Content-Length` / `Transfer-Encoding` desync probe.
15//! Every byte of the wire payload is materialised here so the caller
16//! can replay it through any TCP transport (tokio, std, miri):
17//!
18//! ```
19//! use wafrift_smuggling::smuggling::cl_te;
20//!
21//! let payload = cl_te("example.com", "GET /admin HTTP/1.1\r\nHost: x\r\n\r\n").unwrap();
22//! let wire = std::str::from_utf8(&payload.raw_bytes).unwrap();
23//! assert!(wire.starts_with("POST"));
24//! assert!(wire.contains("Host: example.com"));
25//! assert!(wire.contains("Transfer-Encoding: chunked"),
26//!         "TE header is the bypass primitive");
27//! assert!(wire.contains("Content-Length:"));
28//! // Per-payload canary so logs can correlate without leaking the
29//! // original target.
30//! assert_eq!(payload.canary.token.len(), 16);
31//! ```
32
33pub mod h2_evasion;
34pub mod parser;
35pub mod rules;
36pub mod safety;
37pub mod smuggling;