Introduction to HaE Project
HaE is a cutting-edge framework developed for the field of network and data security. It embodies a modular "Lego-like" design approach, complemented by artificial intelligence to enhance its functionality. This sophisticated software is tailored for refined identification and extraction of HTTP messages, including WebSocket communications.
Key Features
- Modular Design: Inspired by the modular principles of Lego, HaE allows for seamless integration and expansion of functionalities.
- AI Assistance: The project incorporates large AI models to assist in the meticulous marking and extraction of relevant data from HTTP communications.
- Efficient Data Processing: With custom multi-engine regular expressions, HaE can efficiently match, process, and analyze HTTP requests and responses. This makes it an invaluable tool for improving the efficiency of vulnerability and data analysis in security assessments.
Addressing Modern Challenges
Modern web applications often employ a front-end and back-end separation architecture, which increases the volume of captured HTTP traffic during vulnerability assessment. HaE addresses this challenge by enabling security professionals to focus on valuable and meaningful messages, thereby reducing the time spent on processing non-essential data and significantly improving vulnerability detection efficiency.
Project Information
HaE is accessible via its GitHub and GitCode repositories, offering detailed documentation and updates.
Achievements
HaE has garnered notable recognition and endorsements:
- Inclusion in the 2022 KCon Weapon Spectrum.
- Recognized as a GitCode G-Star Project.
Important Notes
- AI Integration: As of version 3.3, AI+ features have been integrated, currently supporting models like Alibaba's Qwen-Long and Moonshot's moonshot-v1-128k.
- Compatibility: Starting from version 3.0, the project uses Montoya API, necessitating an upgrade of BurpSuite to version 2023.12.1 or later.
- Rule Updates: Version 2.6 introduced changes to rule fields which are not backward compatible. Users can convert older rules via the conversion tool.
- Official Rules Storage: The official rules are hosted on GitHub; users need a proxy when updating the rule library due to security considerations.
- Custom Rule Requirements: HaE requires custom rules to wrap the expression to be extracted in parentheses.
How to Use
To load the plugin:
- Navigate to Extender -> Extensions -> Add.
- Select the file and proceed.
Configuration files are located in specific directories:
- Linux/Mac: ~/.config/HaE/
- Windows: %USERPROFILE%/.config/HaE/
Alternatively, configuration files can be stored in a .config/HaE/ directory adjacent to the HaE Jar file for offline portability.
Rules Explanation
HaE's rules consist of eight distinct fields, each with specific functions:
- Name: Briefly describes the rule's function.
- F-Regex and S-Regex: Define the regular expressions used for data extraction and post-processing.
- Format: Defines how outputs are structured after regex application.
- Scope: Indicates which part of the HTTP message the rule targets.
- Engine: Designates the regex engine used, DFA for speed or NFA for complexity.
- Color: Specifies highlight colors for matched content.
- Sensitive: Determines case sensitivity of the rule.
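To make the F-Regex, S-Regex, Format, Scope and Sensitive fields and the parentheses requirement concrete, the following Python sketch is an added example, not HaE's own code. The dict layout, the scope names `header`/`body`/`any`, and the `{0}`-style format template are assumptions for illustration, and the sample response is constructed.

```python
import re

# Constructed HTTP response for illustration; not captured traffic.
SAMPLE = ("HTTP/1.1 200 OK\r\n"
          "Content-Type: application/json\r\n"
          "X-Debug-Contact: Ops@Example.org\r\n"
          "\r\n"
          '{"email":"alice@example.com","note":"cc bob@example.com, alice@example.com"}')

EMAIL = r"([\w.+-]+@[\w-]+(?:\.[\w-]+)+)"   # parentheses mark what gets extracted


def make_rule(name, f_regex, s_regex="", fmt="{0}", scope="any", sensitive=True):
    """Hypothetical dict layout mirroring the rule fields listed above (Color omitted)."""
    return dict(name=name, f_regex=f_regex, s_regex=s_regex, format=fmt,
                scope=scope, sensitive=sensitive)


def apply_rule(rule, raw):
    """Return the de-duplicated strings a rule extracts, in match order."""
    flags = 0 if rule["sensitive"] else re.IGNORECASE
    first = re.compile(rule["f_regex"], flags)
    if first.groups == 0:
        # Without a group there is nothing defined to extract, so reject early.
        raise ValueError(f"rule {rule['name']!r}: wrap the target in parentheses")
    second = re.compile(rule["s_regex"], flags) if rule["s_regex"] else None
    head, _, body = raw.partition("\r\n\r\n")
    target = {"header": head, "body": body, "any": raw}[rule["scope"]]
    out = []
    for m in first.finditer(target):
        value = m.group(1)
        if second is not None:
            m2 = second.search(value)
            if m2 is None:
                continue          # second pass rejected this candidate
            # Assumed {0}-style template filled from the second regex's groups.
            value = rule["format"].format(*(m2.groups() or (m2.group(0),)))
        if value not in out:
            out.append(value)
    return out


if __name__ == "__main__":
    print(apply_rule(make_rule("Email", EMAIL, scope="body"), SAMPLE))
    print(apply_rule(make_rule("Email domain", EMAIL, r"@(.+)$", "domain={0}"), SAMPLE))
```

A first-pass regex with no parentheses is rejected up front in this sketch, which mirrors why the custom-rule requirement exists: the group defines the extracted value.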
Advantages
- Enhanced Focus: By highlighting and annotating HTTP messages, HaE focuses attention on valuable information.
- User-Friendly Interface: Designed for clear and straightforward interaction, avoiding overwhelming users with excessive options.