HaE – BurpSuite Highlighter And Extractor

February 23, 2021

HaE is used to highlight HTTP requests and extract information from HTTP response messages or request messages.

Read Chinese simplified version (README_zh).

Public Rules

Website: https://gh0st.cn/HaE/

Introduction

The plugin lets you define custom regular expressions to match HTTP response messages. For each rule, you decide whether a request that matches the custom regular expression should be highlighted and have its information extracted.

Note: Using HaE requires testers to have a basic grounding in regular expressions. Since the Java regular expression library is not as elegant or convenient as Python's, HaE requires users to wrap the content they want to extract in (). For example, to match a response message from a Shiro application, the normal matching rule is rememberMe=delete; to extract this content, the rule must become (rememberMe=delete).

Instructions

Load: Extender - Extensions - Add - Select File - Next

The configuration file is initialized when HaE is loaded for the first time. The default configuration file has a built-in regular expression: Email. The initialized configuration file will be placed in the same directory as the BurpSuite Jar package.

In addition to the initial configuration file, there is init.hae, which is used to store the configuration file path; HaE supports custom configuration file paths, and you can select a custom configuration file by clicking the Select File button.

HaE supports three actions:

  1. Reload: Use this when you have edited the rules directly in the configuration file rather than through the HaE UI;
  2. New: Adds a new rule as a new table row; click or double-click a cell to modify the data, which is saved automatically;
  3. Delete: Click a rule to select it, then press this button to delete the rule.

Note: HaE's operations are based on the form UI, and all operations will be automatically saved.

Plugin Advantages

  1. Multiple options to adapt rules to custom requirements;
  2. Multi-color classification (colors of BurpSuite): red, orange, yellow, green, cyan, blue, pink, magenta, gray;
  3. Color upgrade algorithm: if a request matches two regular expressions whose colors are both orange, its highlight is upgraded to red;
  4. The configuration file uses JSON; the format is
    {name: {"loaded": isLoaded,"regex": regexText, "scope": request/response/any, "action": extract/highlight/any, "color": colorText, "engine": dfa/nfa}}
  5. Built-in simple cache to reduce stuttering when many regular expressions are applied to large amounts of data.
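
A lint pass over a rules file in the JSON format from item 4, as an added example (not HaE's own code). Python's re stands in for Java's regex engine, the sample rules are constructed, and treating "any" as including extraction is an assumption.

```python
import json
import re

# Allowed values, taken from the format description above.
ALLOWED = {
    "scope": {"request", "response", "any"},
    "action": {"extract", "highlight", "any"},
    "color": {"red", "orange", "yellow", "green", "cyan",
              "blue", "pink", "magenta", "gray"},
    "engine": {"dfa", "nfa"},
}
REQUIRED = set(ALLOWED) | {"loaded", "regex"}

# Constructed sample rules file; names and patterns are illustrative only.
SAMPLE = """{
  "Email-demo": {"loaded": true, "regex": "([a-z0-9.]+@[a-z0-9.]+)",
                 "scope": "response", "action": "any",
                 "color": "orange", "engine": "nfa"},
  "Shiro": {"loaded": true, "regex": "rememberMe=delete",
            "scope": "response", "action": "extract",
            "color": "purple", "engine": "nfa"}
}"""


def lint_rules(config_text):
    """Return (rule_name, problem) pairs for a rules file in the documented format."""
    problems = []
    for name, rule in json.loads(config_text).items():
        missing = REQUIRED - set(rule)
        if missing:
            problems.append((name, "missing keys: " + ", ".join(sorted(missing))))
            continue
        for key, allowed in ALLOWED.items():
            if not isinstance(rule[key], str) or rule[key] not in allowed:
                problems.append((name, f"invalid {key}: {rule[key]!r}"))
        if not isinstance(rule["loaded"], bool):
            problems.append((name, "loaded must be true or false"))
        try:
            compiled = re.compile(rule["regex"])
        except re.error as exc:
            problems.append((name, f"regex does not compile: {exc}"))
            continue
        # Extraction needs the wanted text wrapped in (); "any" is assumed
        # to include extraction.
        if rule["action"] != "highlight" and compiled.groups == 0:
            problems.append((name, "no capture group, nothing to extract"))
    return problems
```

Running lint_rules(SAMPLE) flags only the Shiro rule: its color is not one of the BurpSuite colors, and rememberMe=delete has no () around the text to extract.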

Actual Use

Use RGPerson to generate test data and put it in a file in the root directory of the website.

Visit the address: the highlighted request appears in Proxy - HTTP History, and the response tab contains the MarkINFO tag, which shows the extracted matches.

Regular Expression Optimization

Some regular expressions do not perform ideally in real-world use.

Matching mobile phone numbers (pure digits) with a regular expression produces some false positives, which can be handled as follows:

Original regular expression:

1[3-9]\d{9}

False positive scenario: in 12315188888888123, it will match 15188888888, but this string is not a mobile phone number, so the rule is modified to:

[^0-9]+(1[3-9]\d{9})[^0-9]+

That is, the characters immediately before and after the matched mobile phone number must not be digits 0-9.
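
The two rules above compared on constructed inputs, as an added example that is not part of HaE. It goes slightly beyond the text by adding a lookaround variant (an assumption, not a HaE rule) to show what the revised rule skips: a number at the very start or end of the input, or one whose separator was consumed by the previous match. The patterns use only syntax shared by Java and Python.

```python
import re

ORIGINAL = re.compile(r"1[3-9]\d{9}")                  # rule before the fix
REVISED = re.compile(r"[^0-9]+(1[3-9]\d{9})[^0-9]+")   # rule from the text
# Added alternative (assumption, not a HaE rule): lookarounds assert "no digit
# on either side" without consuming characters. Lookarounds need a
# backtracking engine, so this assumes the rule runs with engine nfa.
LOOKAROUND = re.compile(r"(?<![0-9])(1[3-9]\d{9})(?![0-9])")

# Constructed sample bodies.
CASES = {
    "embedded": "order=12315188888888123",        # the false positive from the text
    "json": '{"mobile":"15188888888"}',           # number surrounded by non-digits
    "bare": "15188888888",                        # number is the whole body
    "list": "tel=13900000000,15188888888;",       # two numbers, one separator
}


def extract(pattern, text):
    """Return what an extract rule would capture: group 1, or the whole match."""
    return [m.group(1) if pattern.groups else m.group(0)
            for m in pattern.finditer(text)]


def compare():
    """Run all three patterns over every constructed case."""
    return {name: {"original": extract(ORIGINAL, body),
                   "revised": extract(REVISED, body),
                   "lookaround": extract(LOOKAROUND, body)}
            for name, body in CASES.items()}


if __name__ == "__main__":
    for name, result in compare().items():
        print(name, result)
```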

Download HaE
