HaE - Highlighter and Extractor

Note: My english is not very good, Thanks!

Read Chinese simplified version (README_zh).

Public Rules

Website: https://gh0st.cn/HaE/

Introduction

HaE is used to highlight HTTP requests and extract information from HTTP response messages or request messages.

The plugin can custom regular expression to match HTTP response messages. You can decide for yourself whether the corresponding request that meets the custom regular expression match needs to be highlighted and information extracted.

Note: The use of HaE requires a basic regular expression foundation for testers. Since the Java regular expression library is not as elegant or convenient as Python, when using regular expressions, HaE requires users to use () to extract what they need The expression content contains; for example, if you want to match a response message of a Shiro application, the normal matching rule is rememberMe=delete, if you want to extract this content, you need to become (rememberMe=delete).

Instructions

Load: Extender - Extensions - Add - Select File - Next

The configuration file is initialized when HaE is loaded for the first time. The default configuration file has a built-in regular expression: Email. The initialized configuration file will be placed in the same directory as the BurpSuite Jar package.

In addition to the initial configuration file, there is init.hae, which is used to store the configuration file path; HaE supports custom configuration file paths, and you can select a custom configuration file by clicking the Select File button.

HaE supports three actions:

1. Reload: It can be used when you do not use the HaE UI interface to modify the rules in the configuration file, but directly modify the rules based on the configuration file;
2. New: Add a new rule will automatically add a row of table data, click or double-click to modify the data to automatically save;
3. Delete: When you click to select a rule, press this button to delete the rule.

Note: HaE's operations are based on the form UI, and all operations will be automatically saved.

Plugin Advantages

1. Multi-option custom adaptation requirements;
2. Multi-color classification (colors of BurpSuite): red, orange, yellow, green, cyan, blue, pink, magenta, gray;
3. Color upgrade algorithm: Two regulars expression, the colors are both orange, if the request are matched these, it will be upgraded to red.
4. The configuration file format uses JSON format, the format is

   {name: {"loaded": isLoaded,"regex": regexText, "scope": request/response/any, "action": extract/highlight/any, "color": colorText, "engine": dfa/nfa}}
   

5. Built-in simple cache to reduce the stuttering phenomenon in the multi-regular, big data scenario.

Actual Use

Use RGPerson to generate test data and put it in the root directory file of the website:

Visit the address, you can see the highlighted request in the Proxy-HTTP History, and you can see the response tab contains the MarkINFO tag, which extracts the matched information.

Regular Expression Optimization

Some regular expression are not ideal in actual combat application scenarios.

There will be some false positives when regular expression matching mobile phone numbers (pure numbers), the mobile phone number processing can be solved:

Original regular expression:

1[3-9]\d{9}

False positive scenario: 12315188888888123, it will match 15188888888, but this paragraph is not a mobile phone number, so the modification rule is:

[^0-9]+(1[3-9]\d{9})[^0-9]+

The mobile phone number required to be matched cannot be a number from 0-9.

404StarLink 2.0 - Galaxy

HaE 是 404Team 星链计划2.0中的一环，如果对HaE 有任何疑问又或是想要找小伙伴交流，可以参考星链计划的加群方式。

• https://github.com/knownsec/404StarLink2.0-Galaxy#community