README Version: [English | 简体中文]
HaE is a framework-style project in the field of cybersecurity (data security), adopting a Lego brick-style modular design philosophy to achieve fine-grained tagging and extraction of HTTP messages (including WebSocket).
By utilizing multi-engine customized regular expressions, HaE can accurately match and process HTTP requests and response messages (including WebSocket), effectively tagging and extracting information from successfully matched content. This enhances the efficiency of vulnerability and data analysis in the field of cybersecurity (data security).
With the adoption of front-end and back-end separation development models in modern web applications, the amount of captured HTTP request traffic during routine vulnerability discovery has correspondingly increased. Fully assessing a web application often requires spending considerable time on irrelevant messages. The emergence of HaE aims to address such situations, by using HaE, you can effectively reduce testing time, focusing more effort on valuable and meaningful messages, thus improving the efficiency of vulnerability discovery.
GitHub project address: https://github.com/gh0stkey/HaE
GitCode project address: https://gitcode.com/gh0stkey/HaE
Awards and Recognitions:
Notes and Precautions:
- Starting with HaE version 3.0, development is done using the
Montoya API. To use the new version of HaE, you need to upgrade your BurpSuite version (>=2023.12.1). - Custom HaE rules must enclose the expressions to be extracted within parentheses
(). For example, if you want to match a response message from a Shiro application, the normal matching rule would berememberMe=delete, but in HaE's rule format, it needs to be written as(rememberMe=delete).
Currently, HaE rules consist of 8 fields, with detailed meanings as follows:
| Field | Meaning |
|---|---|
| Name | Rule name, primarily used to briefly summarize the purpose of the current rule. |
| F-Regex | Rule regex, mainly used for entering regular expressions. In HaE, any content that needs to be extracted and matched should be enclosed within ( and ). |
| S-Regex | Rule regex, with the same usage as F-Regex. S-Regex is a secondary regex, which can be used for further matching and extraction from the data results matched by F-Regex. Can be left empty if not needed. |
| Format | Formatted output; in NFA engine regular expressions, we can use {0}, {1}, {2}... to format and output captured groups. By default, using {0} is sufficient. |
| Scope | Rule scope, indicating which part of the HTTP message the current rule applies to. Supports request/response lines, headers, bodies, and complete messages. |
| Engine | Regex engine, indicating which engine the current rule's regular expression uses. DFA engine: scans each character in the text string only once, fast speed, fewer features; NFA engine: repeatedly marks and unmarks characters, slower but richer features (e.g., grouping, replacement, splitting). |
| Color | Match color, indicating the highlight color to mark when the current rule matches the corresponding HTTP message. HaE has a color upgrade algorithm that automatically upgrades the marking color when the same color appears. |
| Sensitive | Case sensitivity, indicating whether the current rule is case-sensitive. If sensitive (True), it strictly matches the case; if insensitive (False), it does not consider case differences. |
- Functionality: By highlighting, annotating, and extracting information from HTTP messages, it helps users obtain meaningful insights, focusing on high-value messages.
- Interface: With a clear and visually intuitive design, and simple interface interactions, users can more easily understand and configure the project, avoiding the complexity of a
multitude of buttons. - Query: Highlights, annotations, and extracted information from HTTP messages are centralized in a single data panel, allowing for one-click queries and extraction of information, thereby improving testing and analysis efficiency.
- Algorithm: Built-in color upgrade algorithm automatically upgrades the marking color by one level when the same color appears, preventing the scenario where
the dragon slayer becomes the dragon. - Management: Integrated with BurpSuite's project data management, HaE data is stored along with BurpSuite project data when saving projects.
- Practical Application: The official rule library and rule field functionalities are summarized and output based on real-world scenarios, thereby enhancing the effectiveness and accuracy of data discovery.
| Name | Display |
|---|---|
| Rules |  |
| Config |  |
| Databoard |  |
| MarkInfo |  |
We appreciate everyone's support for the project. The following list is sorted based on the time of appreciation and is not in any particular order. If there are any omissions, please contact the project author for additions.
| ID | Amount |
|---|---|
| 毁三观大人 | 200.00¥ |
| ttt | 50.00¥ |
| C_soon5 | 66.66¥ |
| 1wtbb | 25.00¥ |
| Deep | 66.66¥ |
| NaTsUk0 | 50.00¥ |
| Kite | 48.00¥ |
| 红色键盘 | 99.99¥ |
| 曾哥 | 188.88¥ |
| NOP Team | 200.00¥ |
| vaycore | 188.88¥ |
| xccc | 168.00¥ |
| 柯林斯-民间新秀 | 1000.00¥ |
| Cuber | 100.00¥ |
| 时光难逆 | 50.00¥ |
| Celvin | 66.00¥ |
If you find HaE useful, you can show your appreciation by donating to the author, giving them the motivation to continue updating and improving it!
HaE is part of the 404Team's Starlink Plan 2.0. If you have any questions about HaE or want to connect with other users, you can refer to the group joining methods provided by the Starlink Plan.
