Skip to main content

Crate wafrift_strategy

Crate wafrift_strategy 

Source
Expand description

wafrift-strategy — Evasion strategy pipeline.

The orchestrator that wires all WAF Rift modules into a coherent evasion flow: request → detect → grammar → encoding → content-type → smuggling → fingerprint → result.

Maintains per-host adaptive state (HostState), promotes proven-winner techniques into a rotation pool, evicts winners that get blocked, and restarts full discovery when all winners are exhausted. Per-WAF state persists to ~/.wafrift/genomes/<waf>.json across sessions. Also integrates MCTS (mcts_bridge) and ML-WAF evasion (ml_evasion).

§Examples

Per-host adaptation: the strategy keeps a HostState for each target. As blocks pile up the engine escalates encoding choices; once a technique consistently bypasses, it gets promoted to a “proven winner” and the engine rotates through the winner pool instead of re-discovering from scratch.

use wafrift_strategy::HostState;
use wafrift_types::technique::Technique;

let mut state = HostState::default();
assert!(!state.waf_confirmed);
assert_eq!(state.blocks, 0);

// Three confirmed blocks — strategy now knows escalation is needed.
state.record_block();
state.record_block();
state.record_block();
assert_eq!(state.blocks, 3);
assert!(state.needs_evasion());

// After a single technique succeeds, last_success is populated and
// the per-technique success rate gets tracked for future rotation.
state.record_success(Technique::HeaderObfuscation("uppercase".into()));
assert!(state.last_success.is_some());

Re-exports§

pub use drift_window::BypassRateMonitor;
pub use drift_window::ChangePointEvent;
pub use drift_window::DriftDetector;
pub use drift_window::ProbeObservation;
pub use drift_window::RegimeChange;
pub use host_state::HostState;
pub use learning_cache::LearningCache;
pub use ml_evasion::DEFAULT_ML_BUDGET;
pub use ml_evasion::apply_ml_evasion_if_applicable;
pub use pipeline::EvasionPipeline;
pub use pipeline::EvasionPlanOutput;
pub use planner::plan_pipelines;
pub use strategy::*;

Modules§

composition
Pipeline composition grammar.
cost
Cost model for evasion techniques.
drift_window
Drift-aware evasion window detection (#115). CUSUM-based sequential change-point detector for WAF regime shifts. Drift-aware evasion window detection (#115).
explain
Per-finding explanation engine for audit reports.
gene_bank
Cross-target gene bank — persistent WAF evasion memory.
host_state
Per-host evasion state — tracks what works and what doesn’t.
learning_cache
Learning cache — persistent per-WAF, per-payload-type pipeline memory.
mcts_bridge
MCTS bridge for intelligent evasion trajectory optimization. Bridge connecting the abstract Monte Carlo Tree Search framework to WafRift’s concrete HTTP Request types.
ml_evasion
ML-WAF evasion routing (#129): decision-based boundary attack for learned classifiers (AWS Bot Control, Cloudflare Bot Management, Akamai Bot Manager). #129 ML-WAF evasion routing.
pipeline
Evasion pipeline — an ordered sequence of techniques with a cost estimate.
planner
Strategy planner — generates ordered lists of evasion pipelines.
plugin_bridge
Plugin bridge — integrates external TOML/WASM tampers from wafrift-plugin-api into the evasion pipeline alongside built-in tampers. Plugin bridge — integrates wafrift_plugin_api external tampers into the strategy pipeline alongside built-in tampers.
strategy
Evasion strategy engine — the pipeline that wires ALL modules.
waf_presets
WAF-specific evasion presets loaded from TOML rules. WAF-specific evasion presets loaded from TOML rules.