Highlighter And Extractor

HaE is a framework-style project in the field of cybersecurity (data security) that adopts a Lego brick-style modular design philosophy. It focuses on fine-grained tagging and extraction of HTTP messages, including WebSocket. HaE uses multi-engine customized regular expressions to accurately match and process HTTP requests and responses, effectively tagging and extracting information from successfully matched content. This enhances the efficiency of vulnerability and data analysis in cybersecurity.

As modern web applications increasingly adopt front-end and back-end separation development models, the volume of captured HTTP request traffic during vulnerability discovery has risen significantly. HaE addresses this issue by reducing testing time and helping users focus on valuable and meaningful messages, thus improving the efficiency of vulnerability discovery.

Features

• Fine-grained Tagging & Extraction: Processes HTTP requests and responses, including WebSocket, with precise tagging and extraction of relevant data.
• Optimized for Efficiency: Reduces testing time by focusing on valuable, meaningful messages during vulnerability discovery.
• Customizable Rules: Users can define their own rules using regular expressions to match specific patterns in HTTP traffic.
• Color Highlighting: Matches are highlighted with customizable colors, with an automatic upgrade algorithm to avoid redundant color markings.
• Integrated with BurpSuite: HaE stores data alongside BurpSuite project data for seamless project management.
• Query Management: Centralized data panel for one-click queries and extraction of information, improving testing and analysis efficiency.

Usage

Upon first use, HaE will load the offline rule database from the Jar package. To update rules, click Reinit to reinitialize the database. Access the rule database on GitHub for the built-in rule set: https://github.com/gh0stkey/HaE/blob/master/src/main/resources/rules/Rules.yml.

The configuration file (Config.yml) and rule file (Rules.yml) are stored in a fixed directory:

1. For Linux/Mac: ~/.config/HaE/
2. For Windows: %USERPROFILE%/.config/HaE/

Custom HaE rules must enclose the expressions to be extracted within parentheses (). For example, if you want to match a response message from a Shiro application, the normal matching rule would be rememberMe=delete, but in HaE's rule format, it needs to be written as (rememberMe=delete).