HaE

Empower white hats and fight efficiently!

First author: EvilChen (Zhongfu Information Yuanheng Laboratory)
Second author: 0chencc (Mister Security Team)
Third author: vaycore (Independent Security Researcher)

HaE is a framework project in the field of network security (data security) . It adopts the Lego block-style modular design concept and cleverly incorporates artificial intelligence big model assist technology to achieve refined tagging of HTTP messages (including WebSocket). and extract.

By using custom regular expressions with multiple engines , HaE can accurately match and process HTTP requests and response messages (including WebSockets), effectively mark and extract information on matching successfully, thereby improving the field of network security (data security) vulnerabilities and data analysis efficiency .

As modern web applications adopt a development model of front-end separation, the captured HTTP request traffic also increases accordingly during daily vulnerability mining. If you want to fully evaluate a web application, it will spend a lot of time on useless messages. HaE is designed to solve this kind of situation . With HaE, you can effectively reduce testing time and focus more on valuable and meaningful messages, thereby improving vulnerability mining efficiency .

GitHub project address: https://github.com/gh0stkey/HaE

GitCode project address: https://gitcode.com/gh0stkey/HaE

Honors received :

1. Selected in the 2022 KCon Weapons
2. Selected for the GitCode G-Star project

Notes :

1. HaE 3.3 version has enabled new AI+ function. This function currently only supports Alibaba's Qwen-Long model (supports ultra-long text) and moonshot-v1-128k model (supports short text) on the Dark Side of the Moons. Please pay attention when configuring and using it. .
2. HaE 3.0 version has begun to be developed using Montoya API . Using the new version of HaE requires upgrading your BurpSuite version (>=2023.12.1).
3. The rule fields have been updated after HaE version 2.6, so the rules cannot be adapted to the <= 2.6 version. Please go to the rule conversion page to convert.
4. The official HaE rule library is stored on Github, so when clicking Update to upgrade the official HaE rule library, you need to use a proxy (BApp review takes into account security, CDN is not allowed).
5. Custom HaE rules must include the content of the expression to be extracted in left and right brackets () . For example, if you want to match a Shiro application 's response message, the normal matching rule is rememberMe=delete , and in HaE rules, it needs to be (rememberMe=delete) .

Plug-in loading: Extender - Extensions - Add - Select File - Next

The initial loading of HaE will load the offline rule library from the Jar package. If updated, it will pull https://raw.githubusercontent.com/gh0stkey/HaE/gh-pages/Rules.yml from the official rule library address, and the configuration file ( Config.yml ) and rule files ( Rules.yml ) will be placed in a fixed directory:

1. Linux/Mac user configuration file directory: ~/.config/HaE/
2. Windows user configuration file directory: %USERPROFILE%/.config/HaE/

In addition, you can also choose to store the configuration file in /.config/HaE/ in the sibling directory of HaE Jar包for easy offline portability .

HaE's current rules have 8 fields, and the detailed meaning is as follows:

1. Function : By highlighting, annotating and extracting the color of HTTP messages, it helps users obtain meaningful information and focus on high-value messages .
2. Interface : Clear and visual interface design and concise interface interaction help users understand and configure projects more easily and avoid complex多按钮experiences .
3. Query : Concentrate the highlighting, annotation and extracting related information of HTTP messages in a data panel , and you can query and extract information with one click, thereby improving the efficiency of testing and sorting.
4. Algorithm : Built-in upgrade algorithm for highlighted colors. When the same color appears, a color will be automatically upgraded upward for marking to prevent屠龙者终成恶龙scene .
5. Management : Supports one-click export and import of data, and stores project data in a custom .hae file to facilitate storing and sharing project data .
6. Practical combat : The functions of the official rule base and the function of the rule field are based on the summary and output of practical scenarios , so as to improve the effectiveness and accurate discovery of the data .
7. Intelligence : Integrate artificial intelligence (AI) big model API to optimize the matching data and improve the efficiency of data-based vulnerability mining .

Interface name	Interface display
Rules (Rules Management)
Config-Setting (Setting configuration management)
Config-AI+ (AI+Configuration Management)
Databoard (data collection)
MarkInfo (data display)

If you think HaE is useful, you can reward the author and give the author the motivation to continue to update!

HaE is a link in 404Team Starlink Plan 2.0. If you have any questions about HaE or want to communicate with friends, you can refer to the Starlink Plan's grouping method.

• https://github.com/knownsec/404StarLink2.0-Galaxy#community