Expand description
wafrift-strategy — Evasion strategy pipeline.
The orchestrator that wires all WAF Rift modules into a coherent evasion flow: request → detect → grammar → encoding → content-type → smuggling → fingerprint → result.
Maintains per-host adaptive state (HostState), promotes proven-winner
techniques into a rotation pool, evicts winners that get blocked, and
restarts full discovery when all winners are exhausted. Per-WAF state
persists to ~/.wafrift/genomes/<waf>.json across sessions.
Also integrates MCTS (mcts_bridge) and ML-WAF evasion (ml_evasion).
§Examples
Per-host adaptation: the strategy keeps a HostState for each
target. As blocks pile up the engine escalates encoding choices;
once a technique consistently bypasses, it gets promoted to a
“proven winner” and the engine rotates through the winner pool
instead of re-discovering from scratch.
use wafrift_strategy::HostState;
use wafrift_types::technique::Technique;
let mut state = HostState::default();
assert!(!state.waf_confirmed);
assert_eq!(state.blocks, 0);
// Three confirmed blocks — strategy now knows escalation is needed.
state.record_block();
state.record_block();
state.record_block();
assert_eq!(state.blocks, 3);
assert!(state.needs_evasion());
// After a single technique succeeds, last_success is populated and
// the per-technique success rate gets tracked for future rotation.
state.record_success(Technique::HeaderObfuscation("uppercase".into()));
assert!(state.last_success.is_some());Re-exports§
pub use drift_window::BypassRateMonitor;pub use drift_window::ChangePointEvent;pub use drift_window::DriftDetector;pub use drift_window::ProbeObservation;pub use drift_window::RegimeChange;pub use host_state::HostState;pub use learning_cache::LearningCache;pub use ml_evasion::DEFAULT_ML_BUDGET;pub use ml_evasion::apply_ml_evasion_if_applicable;pub use pipeline::EvasionPipeline;pub use pipeline::EvasionPlanOutput;pub use planner::plan_pipelines;pub use strategy::*;
Modules§
- composition
- Pipeline composition grammar.
- cost
- Cost model for evasion techniques.
- drift_
window - Drift-aware evasion window detection (#115). CUSUM-based sequential change-point detector for WAF regime shifts. Drift-aware evasion window detection (#115).
- explain
- Per-finding explanation engine for audit reports.
- gene_
bank - Cross-target gene bank — persistent WAF evasion memory.
- host_
state - Per-host evasion state — tracks what works and what doesn’t.
- learning_
cache - Learning cache — persistent per-WAF, per-payload-type pipeline memory.
- mcts_
bridge - MCTS bridge for intelligent evasion trajectory optimization.
Bridge connecting the abstract Monte Carlo Tree Search framework to
WafRift’s concrete HTTP Request types. - ml_
evasion - ML-WAF evasion routing (#129): decision-based boundary attack for learned classifiers (AWS Bot Control, Cloudflare Bot Management, Akamai Bot Manager). #129 ML-WAF evasion routing.
- pipeline
- Evasion pipeline — an ordered sequence of techniques with a cost estimate.
- planner
- Strategy planner — generates ordered lists of evasion pipelines.
- plugin_
bridge - Plugin bridge — integrates external TOML/WASM tampers from wafrift-plugin-api
into the evasion pipeline alongside built-in tampers.
Plugin bridge — integrates
wafrift_plugin_apiexternal tampers into the strategy pipeline alongside built-in tampers. - strategy
- Evasion strategy engine — the pipeline that wires ALL modules.
- waf_
presets - WAF-specific evasion presets loaded from TOML rules. WAF-specific evasion presets loaded from TOML rules.