Professional Community
HaE is a framework-style project in the field of cybersecurity (data security) that adopts a Lego brick-style modular design philosophy. It focuses on fine-grained tagging and extraction of HTTP messages, including WebSocket. HaE uses multi-engine customized regular expressions to accurately match and process HTTP requests and responses, effectively tagging and extracting information from successfully matched content. This enhances the efficiency of vulnerability and data analysis in cybersecurity.
As modern web applications increasingly adopt front-end and back-end separation development models, the volume of captured HTTP request traffic during vulnerability discovery has risen significantly. HaE addresses this issue by reducing testing time and helping users focus on valuable and meaningful messages, thus improving the efficiency of vulnerability discovery.
Upon first use, HaE will load the offline rule database from the Jar package. To update rules, click Reinit
to reinitialize the database. Access the rule database on GitHub for the built-in rule set: https://github.com/gh0stkey/HaE/blob/master/src/main/resources/rules/Rules.yml.
The configuration file (Config.yml
) and rule file (Rules.yml
) are stored in a fixed directory:
~/.config/HaE/
%USERPROFILE%/.config/HaE/
Custom HaE rules must enclose the expressions to be extracted within parentheses ()
. For example, if you want to match a response message from a Shiro application, the normal matching rule would be rememberMe=delete
, but in HaE's rule format, it needs to be written as (rememberMe=delete)
.
Author |
Author
gh0stkey |
---|---|
Version |
Version
4.2.1 |
Rating |
Rating |
Popularity |
Popularity |
Last updated |
Last updated
20 May 2025 |
Estimated system impact |
Estimated system impact
Overall impact: Medium
Memory
Low
CPU
Medium
General
Medium
Scanner
Low
|
You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.
|
You can view the source code for all BApp Store extensions on our GitHub page. |
|
Follow @BApp_Store on Twitter to receive notifications of all BApp releases and updates. |
Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.
Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.